Security researcher and developer Antoine Riard is stepping down from the Lightning Network’s development, citing security issues and fundamental challenges to the Bitcoin ecosystem.
According to a thread on the Linux Foundation’s public mailing list, Riard believes the Bitcoin community faces a "hard dilemma" as a new class of replacement cycling attacks puts Lightning in a "perilous position."
How does a lightning replacement cycling attack work?
There's a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.
So here's an illustrated primer...
The Lightning Network is a second-layer solution built on top of the Bitcoin blockchain. It is designed to improve the scalability and efficiency of Bitcoin transactions by enabling off-chain, peer-to-peer transactions.
Through the Lightning Network, users can open payment channels, conduct multiple transactions off-chain, and settle the final result on the Bitcoin blockchain. The replacement cycling attack targets these payment channels. It is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting inconsistencies between individual mempools. According to Riard:
Riard also noted that addressing the new type of attack may require changes to the underlying Bitcoin network:
Lightning developers grapple with challenges, including criticisms surrounding the network’s complexity and the demands placed on user experience. Since its inception in 2018, the layer-2 network has gained popularity, with a total value locked reaching $159.5 million at the time of writing, according to data from DefiLlama. However, this figure is still very modest