Bitcoin Forum
December 15, 2024, 09:36:35 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [INFO - DISCUSSION] Wormhole attack in Lightning Network  (Read 223 times)
cygan (OP)
Legendary
*
Offline Offline

Activity: 3374
Merit: 9021


icarus-cards.eu


View Profile WWW
September 15, 2023, 10:53:16 AM
Merited by d5000 (3), vapourminer (1), HeRetiK (1), stompix (1), ABCbits (1), DdmrDdmr (1), vjudeu (1), stwenhao (1), ertil (1)
 #1

today i would like to present you 4 slides about 'wormhole attack in lightning network'.
in a wormhole attack, a node operator with two nodes at the beginning and end of the route forwards a payment to itself, but cheats to steal honest charges from the nodes in the middle of the route.
in a nutshell, the wormhole attack allows two colliding users on a payment path to exclude intermediate users from participating in the successful completion of a payment, thereby stealing the payment fees which were intended for honest path nodes.

in the following github link this process is also explained: https://github.com/raiden-network/raiden/issues/3758
i also found a very interesting 30-page report on the subject: https://eprint.iacr.org/2018/472.pdf



https://twitter.com/BTCillustrated

███████████▄
████████▄▄██
█████████▀█
███████████▄███████▄
█████▄█▄██████████████
████▄█▀▄░█████▄████████
████▄███░████████████▀
████░█████░█████▀▄▄▄▄▄
█████░█
██░█████████▀▀
░▄█▀
███░░▀▀▀██████
▀███████▄█▀▀▀██████▀
░░████▄▀░▀▀▀▀████▀
 

█████████████████████████
████████████▀░░░▀▀▀▀█████
█████████▀▀▀█▄░░░░░░░████
████▀▀░░░░░░░█▄░▄░░░▐████
████▌░░░░▄░░░▐████░░▐███
█████░░░▄██▄░░██▀░░░█████
█████▌░░▀██▀░░▐▌░░░▐█████
██████░░░░▀░░░░█░░░▐█████
██████▌░░░░░░░░▐█▄▄██████
███████▄░░▄▄▄████████████
█████████████████████████

█████████████████████████
████████▀▀░░░░░▀▀████████
██████░░▄██▄░▄██▄░░██████
█████░░████▀░▀████░░█████
████░░░░▀▀░░░░░▀▀░░░░████
████░░▄██░░░░░░░██▄░░████
████░░████░░░░░████░░████
█████░░▀▀░▄███▄░▀▀░░████
██████░░░░▀███▀░░░░██████
████████▄▄░░░░░▄▄████████
█████████████████████████
.
...SOL.....USDT...
...FAST PAYOUTS...
...BTC...
...TON...
Phu Juck
Member
**
Offline Offline

Activity: 116
Merit: 76


View Profile
September 16, 2023, 04:17:11 PM
 #2

Attack is always a reason for concern and I'm not a coder but wormhole attack seems to be very, very unlikely?
Like, if we will get visited by Aliens from a different Galaxy next 100 years? It is similarly unlikely.

Is it even possible to have a scenario where Lightning at a certain scale can be attacked? Even if, coders will have already a solution to prevent it?


What I want to ask:
Participants in a wormhole attack will suffer a loss or get punished? What is coder's approach to prevent such attack?
As usual, Bitcoin devs are known for developing a safe solution.
philipma1957
Legendary
*
Offline Offline

Activity: 4340
Merit: 9043


'The right to privacy matters'


View Profile WWW
September 16, 2023, 04:34:37 PM
 #3

today i would like to present you 4 slides about 'wormhole attack in lightning network'.
in a wormhole attack, a node operator with two nodes at the beginning and end of the route forwards a payment to itself, but cheats to steal honest charges from the nodes in the middle of the route.
in a nutshell, the wormhole attack allows two colliding users on a payment path to exclude intermediate users from participating in the successful completion of a payment, thereby stealing the payment fees which were intended for honest path nodes.

in the following github link this process is also explained: https://github.com/raiden-network/raiden/issues/3758
i also found a very interesting 30-page report on the subject: https://eprint.iacr.org/2018/472.pdf



https://twitter.com/BTCillustrated


So have any proven cases happened?

Seems to me in your example C would not be aware of the cheating or am I misunderstanding the reporting from node to node.

Would C say hey why did D not report to me.


Better yet is the A>B>C>D>E path traceable at all?

If it is not traceable and the node path can't be followed I see a lot of other issues.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
HeRetiK
Legendary
*
Offline Offline

Activity: 3150
Merit: 2184


Playgram - The Telegram Casino


View Profile
September 17, 2023, 10:20:45 AM
 #4

Attack is always a reason for concern and I'm not a coder but wormhole attack seems to be very, very unlikely?

It depends.

Unlikely in the sense that it's hard to implement?
No, it seems like a rather straightforward attack.

Unlikely in the sense that one probably wouldn't run into it in the wild?
Yes, because it doesn't look especially profitable and worth the time beyond curiousity. (at least at a first glance, I might be missing something)

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
DaveF
Legendary
*
Offline Offline

Activity: 3696
Merit: 6686


Crypto Swap Exchange


View Profile WWW
September 17, 2023, 12:15:04 PM
 #5

But, you have to always be in the position to rob the person in the middle. You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
stompix
Legendary
*
Offline Offline

Activity: 3108
Merit: 6643


Leading Crypto Sports Betting & Casino Platform


View Profile
September 17, 2023, 12:40:14 PM
Merited by DaveF (2), ABCbits (1)
 #6

You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Now if D would be able to do that without B, that would change things but since it can't, I think right now it's as dangerous as Foundry colluding with some guy in Nantucket to reverse his coffee purchases.


..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
DaveF
Legendary
*
Offline Offline

Activity: 3696
Merit: 6686


Crypto Swap Exchange


View Profile WWW
September 20, 2023, 07:09:07 PM
 #7

You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Now if D would be able to do that without B, that would change things but since it can't, I think right now it's as dangerous as Foundry colluding with some guy in Nantucket to reverse his coffee purchases.

Unless they guy in Nantucket owns part of Foundry.

I know I have used it as an example before but I have to come back to the TV series Breaking In [ https://www.imdb.com/title/tt1630574/?ref_=fn_al_tt_3 ]
They had to steal a exotic car to test the dealers security and came up with a mission impossible type plan, with hacking key cards, defeating the alarm system, etc....
Wound up stealing the wrong car from the wrong car dealer [it's not great TV] but came back to the right car dealer and while standing in front of it, trying to figure out how to get the right car one of them turns to the other and says 'they really should have a gate here' picks up a rock and smashes the large window to get in and get the car.

Wormhole attacks ARE viable, but by the time you do your mission impossible plan someone came in and put up a $5 phony website selling something and got way more BTC then you can doing this attack.

Not saying that they should not be working on ways to mitigate it, just that it's not that big a deal.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
NotATether
Legendary
*
Offline Offline

Activity: 1820
Merit: 7478


Top Crypto Casino


View Profile WWW
September 21, 2023, 06:51:00 AM
 #8

But, you have to always be in the position to rob the person in the middle. You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

-Dave

How would you go about booting a LN router from the whole network? AFAIK, there isn't a banlist like Bitcoin Core has, or even if there is, it is non-trivial to detect that this kind of activity is happening.

Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Considering that you'd have to repeat this attack millions of times before you can ever recoup the cost of hosting the servers monthly, I'm inclined to think its not practical.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
DaveF
Legendary
*
Offline Offline

Activity: 3696
Merit: 6686


Crypto Swap Exchange


View Profile WWW
September 21, 2023, 11:42:13 AM
 #9

But, you have to always be in the position to rob the person in the middle. You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

-Dave

How would you go about booting a LN router from the whole network? AFAIK, there isn't a banlist like Bitcoin Core has, or even if there is, it is non-trivial to detect that this kind of activity is happening.

For now there is not, but if this does become an issue I'm sure it will be added. Lets face it, many things were added to the BTC protocol over the years because something happened. Or something happening became a larger possibility. But for the moment, if it does happen to someone you can bet after a lot of head scratching and posts on the discussion boards the next time that node did something like that or another node did the same thing a ban list is going to get to the top of the to do list.


Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Considering that you'd have to repeat this attack millions of times before you can ever recoup the cost of hosting the servers monthly, I'm inclined to think its not practical.

For any of us here it's not viable, for a government or any organization with a bunch of hardware and a few programmers on staff it's not that difficult to do.
BUT, it's still not going to generate a profit, just destabilize the LN.

-Dave







█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1736
Merit: 8460


Fiatheist


View Profile WWW
September 21, 2023, 12:13:46 PM
 #10

Pardon me, but why isn't this considered an attack? If C doesn't seem to earn from routing transactions coming from either B or D, they can just close the channel. It is also possible to detect this if you spin up two lightning nodes each sharing a channel with B and D respectively. If you make transactions between the two without your main node noticing, you're under a wormhole attack.

Seems to me like the attacker is paying more than the victim.

BUT, it's still not going to generate a profit, just destabilize the LN.
If you're the government, and want to destabilize LN, make a call with Amazon and Google. According to bitcoinist.com, the network relies greatly on Google Cloud services and AWS.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
philipma1957
Legendary
*
Offline Offline

Activity: 4340
Merit: 9043


'The right to privacy matters'


View Profile WWW
September 23, 2023, 12:33:10 AM
 #11

Pardon me, but why isn't this considered an attack? If C doesn't seem to earn from routing transactions coming from either B or D, they can just close the channel. It is also possible to detect this if you spin up two lightning nodes each sharing a channel with B and D respectively. If you make transactions between the two without your main node noticing, you're under a wormhole attack.

Seems to me like the attacker is paying more than the victim.

BUT, it's still not going to generate a profit, just destabilize the LN.
If you're the government, and want to destabilize LN, make a call with Amazon and Google. According to bitcoinist.com, the network relies greatly on Google Cloud services and AWS.

Yeah how much real redundancy does the blockchain have?

But that is an entirely different topic/ thread.

I am still not sure how you would trace A-b-c-d-e in the ops example to prove an attack happened.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!