Several Bitcoin Lightning Network projects have been found to carry vulnerabilities that can potentially cause the loss of crypto funds for their users.
Projects that are running Lightning Network nodes have received instructions to upgrade their clients as soon as they can. This warning is also applied to those using the popular Éclair crypto wallet.
Australian software programmer and a bitcoin lightning coder Rusty Russell, posted a tweet on Friday in which he stated that there have been discovered vulnerabilities in various Lightning projects.
There is no additional information regarding the vulnerabilities, but the original post mailed through Lightning Network said that the “full details” will be disclosed in four weeks.
“Security issues have been found in various lightning projects which could cause loss of funds.
Full details will be released in 4 weeks (2019-09-27), please uprade well before then. – read the excerpt.
In the post, the coder listed the affected nodes that should be upgraded:
- CVE-2019-12998 c-lightning < 0.7.1
- CVE-2019-12999 lnd < 0.7
- CVE-2019-13000 eclair <= 0.3
The Lightning Network is a “Layer 2” payment protocol which works on top of a crypto blockchain, such as Bitcoin. The protocol was developed to facilitate fast transactions between nodes and has been peddled as a resolution to the scalability limits of Bitcoin.
It has incorporated a peer-to-peer system for performing crypto micropayments via a network of bidirectional payment channels without managing fund custody.
The Lightning Network concept first appeared in Feb. 2015, but even today it is in its early stages as it has many bugs that need to be sorted out. More than 50 companies are trying to further the protocol into mainstream use, including Casa, OpenNode, and Thor.
Featured Image: Milwaukee Journal Sentinel