Any new form of technology is prone to bugs and hacks. That situation is no different in the cryptocurrency industry today. The Lightning Network, a layer-two scaling solution for cheaper and faster payments, can be subjected to an attack. That attack can effectively halt lightning payments, which is far from an ideal situation.
What is Going on?
Researchers have confirmed there is a possible Lightning Network attack vector. Albeit the research claims this only applies to Bitcoin, it may exist in a slightly altered form for Ltiecoin or other cryptocurrencies implementing this technology as well. The attack is an effective denial-of-service disruption that can slow down lightning payments. In the worst case scenario, it could even completely halt lightning network payments altogether.
In the latter case, this would not just apply to one or a few payment channels. The attack, if well-executed, could shut down the entire Lightning network for that specific cryptocurrency without any problems. It is somewhat normal to expect bugs when dealing with technology still in beta testing, but this is a worrisome development regardless. It is unclear if such an attack has been executed in the real world, although the researchers seem inclined to think that is not the case as of right now.
Easy to Execute
According to the research paper, pulling off this denial-of-service attack wouldn’t take too much effort either. A culprit would need to open a handful of lightning channels to key points in the infrastructure – preferably by offering zero-fee guarantees – and never relaying any payment that comes in. Not only would this cripple the LN throughput as a whole, but it can also make people distrust the entire cryptocurrency concept. Since this technology is designed to be decentralized, having one party that disrupts the whole thing is unacceptable. One also has to wonder why the creators of LN technology never foresaw such a potential exploit in the first place.
Hundreds of network nodes are competing for traction, each of which aims to provide the lowest fees possible. If someone were to come in and provide zero fees, it is still up to individual users and their applications to recognize this option as valid. That being said, if users were to collude and spin up hundreds of these payment channels with no fees, things could get out of hand fairly quickly. It is a problem that needs to be resolved sooner rather than later.
Repeatable Attack is Problematic
Under the current circumstances, nothing prevents a user – or a group of individuals – from crippling the Lightning Network for either Bitcoin or Litecoin. What is even more worrisome is how attackers can repeat this attack over and over again until the entire network grinds to a halt. Controlling 100% of the network’s payments should be virtually impossible, but it can still cause issues for up to 75% of all payments taking place. It is not the cheapest way of attacking a cryptocurrency network – the estimated cost is $2,000 for virtually no financial return – although it may become a “viable” option for culprits if lightning technology is used more commonly.