A newly discovered vulnerability leaves the Lightning Network open to DoS attacks. The researchers who found it note that, at this stage, these attacks are proven to be quite easy to implement. They may slow down or even stop up to 80% of all transactions.
This vulnerability was identified by Stefan Schmid (University of Vienna), Saar Tochner, and Aviv Zohar (Hebrew University of Jerusalem). They explained:
“This paper identified a novel attack on off-chain networks which introduces an interesting tradeoff both for an attacker as well as the rational defender. We have demonstrated the feasibility of this attack on different networks and provided the first analysis.”
How It Operates
After the sender executes a transaction, the Lightning payment passes through a network of nodes before it reaches its intended recipient. If just one of these nodes belongs to an attacker, it may significantly slow down the payment process.
For such an attack to succeed, the attacker purportedly needs to open multiple payment channels. The attacker then promises zero commissions but fails to forward the payments at all. By carefully analyzing how the various Lightning clients route payments, an attacker can make their nodes more attractive to the routing logic, so that payments end up being routed through them.
It is estimated that an attack on 80% of all transactions costs up to $2,000, with the attackers having to set up around 20 payment channels. The research report states that by setting up 5 new channels, the attacker gains the capability of hijacking around 65% of the routes. Furthermore, they can hijack up to 80% of the routes in all implementations when they create 30 new channels.
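The pull that zero-fee channels exert on fee-minimizing routing can be measured on a toy graph. The following is an added example, not code from the paper or from any Lightning client: it assumes a constructed 8-node ring with a flat fee of 1 per channel, a hypothetical node `X`, and plain cheapest-fee routing as a simplification of real client pathfinding. It counts the sender/recipient pairs whose cheapest route must cross `X`, which is the exposure metric an operator would want to track.

```python
import heapq
from itertools import combinations

def cheapest_fee(channels, src, dst, skip=None):
    """Dijkstra over per-channel fees; `skip` removes one node from routing."""
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            return d
        if d > dist[node]:
            continue  # stale heap entry
        for peer, fee in channels.get(node, {}).items():
            if peer == skip:
                continue
            nd = d + fee
            if nd < dist.get(peer, float("inf")):
                dist[peer] = nd
                heapq.heappush(heap, (nd, peer))
    return float("inf")

def add_channel(channels, a, b, fee):
    channels.setdefault(a, {})[b] = fee
    channels.setdefault(b, {})[a] = fee

def captured_pairs(channels, watched):
    """Count pairs for which every cheapest route crosses `watched`."""
    honest = sorted(n for n in channels if n != watched)
    captured = total = 0
    for s, t in combinations(honest, 2):
        total += 1
        # Strictly cheaper with `watched` available => no cheapest route avoids it.
        if cheapest_fee(channels, s, t) < cheapest_fee(channels, s, t, skip=watched):
            captured += 1
    return captured, total

def exposure(zero_fee_peers, size=8, watched="X"):
    """Constructed ring n0..n7 (fee 1) plus zero-fee channels from `watched`."""
    net = {}
    for i in range(size):
        add_channel(net, f"n{i}", f"n{(i + 1) % size}", 1)
    for peer in zero_fee_peers:
        add_channel(net, f"n{peer}", watched, 0)
    return captured_pairs(net, watched)

if __name__ == "__main__":
    for peers in ([], [0, 4], [0, 2, 4, 6]):
        hit, total = exposure(peers)
        print(f"{len(peers)} zero-fee channels: {hit}/{total} pairs forced through X")
```

Pairs where the route through `X` only ties with an honest route are not counted, so the figures are a lower bound on how much traffic a fee-minimizing router would send that way.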
According to Lightning Labs developer Alex Bosworth, such an attack is rather dangerous. However, the routing system in the LND client is continuously changing, which makes it a ‘moving target.’