Bitcoin’s Lightning Network Has Second Vulnerability Discovered Author: Ali Raza Last Updated: 10 October 2020 Conner Fromknecht, a developer of Lightning, has recently published a disclosure on the 9th of October, 2020, to the mailing lists of the project. This disclosure advises various node operators as soon as possible, as the Lightning developers had discovered a vulnerability within the node software of the Bitcoin Lightning Network. Full Disclosure Set For The 20th Of October 2020 As it stands now, the seriousness of this vulnerability is unclear, as the disclosure refrains from revealing exactly how this vulnerability gets exploited. However, the report does suggest that the exploit has yet to be used in the wild. Coincidentally, many Lightning node operators are already safe from it, as the bug had already been fixed as of Version 0.11 of the Lightning Network software, which was released in late August. Even so, the vulnerability that was discovered was such a type that the disclosure process had to be shortened in order to protect the network at large. According to the post, a full disclosure of the bug will be released on the 20th of October, 2020, with the hopes that all node operators had updated their software by then. Bug Bounties To Stay Safe Alongside this, Lightning Labs had made it clear that it plans to launch a new, comprehensive bug bounty program within the near future. This program will allow prospective security specialists to be capable of claiming a reward should they discover bugs in the future, which would help Lightning stay safe. The Lightning Network stands as a Layer 2 payment protocol operating on top of Bitcoin. While still in development, it allows for cheaper, faster transactions within the network at large. Minor Hiccups, But Fundamentally Sound This stands as the second recorded vulnerability that was discovered within the node software of Lightning. Just last year, Rusty Russel, a Bitcoin developer, had found a separate vulnerability that enabled attackers to steal the funds of users through the use of sending invalid transactions. Lightning Labs had opted not to disclose the number of users falling victim to this, but did confirm that the exploit was used in the wild. In both of these exploits’ cases, it came as a result of programming oversights that were very short-lived. As such, there has yet to be a fundamental design flaw within Lightning itself, which is always good. The Lightning Network stands as one of the most promising ways to speed up transactions within the Bitcoin network, all the while reducing transaction fees. CoinGate and Bitfinex, significant players within the crypto industry, have already adopted the Lightning Network without any apparent issues on their part. The network, overall, seems to be fundamentally robust, with only a few kinks on the outside layer.