Bitcoin core developer steps back from Lightning Network over "hard dilemma"

cointelegraph.com:

Security researcher and developer Antoine Riard is stepping down from the Lightning Network’s development, citing security issues and fundamental challenges to the Bitcoin ecosystem. 

According to a thread on the Linux Foundation’s public mailing list, Riard believes the Bitcoin community faces a "hard dilemma" as a new class of replacement cycling attacks puts Lightning in a "perilous position."

How does a lightning replacement cycling attack work?

There's a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.

So here's an illustrated primer...

1/n pic.twitter.com/mvvS8bEc5f

The Lightning Network is the second-layer solution built over the Bitcoin blockchain. It is designed to improve the scalability and efficiency of Bitcoin transactions by enabling off-chain, peer-to-peer transactions.

Through the Lightning Network, users can open payment channels, conduct multiple transactions off-chain, and settle the final result on the Bitcoin blockchain. The replacement cycling attack targets these payment channels. It is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting inconsistencies between individual mempools. According to Riard:

Riard also noted that addressing the new type of attack may require changes to the underlying Bitcoin network:

Lightning developers grapple with challenges, including criticisms surrounding the network’s complexity and the demands placed on user experience. Since its inception in 2018, the layer-2 network has gained popularity, with a total value locked reaching $159.5 million at the time of writing, according to data from DefiLlama. However, this figure is still very modest