Lightning Network releases emergency update after critical bug on LND nodes

Published at: Nov. 1, 2022

An emergency update was released to all Lightning Network LND node operators on Nov. 1, after a critical bug caused LND nodes to fall out of sync with the chain. This was the second critical bug experienced by the network in less than a month.

According to Lightning Labs, developer of the Bitcoin Lightning Network, some LND nodes stopped syncing due to an issue with the btcd wire parsing library. The hot fix (v0.15.4) was released nearly three hours after the break. The release stated:

"This is an emergency hot fix release to fix a bug that can cause lnd nodes to be unable to parse certain transactions that have a very large number of witness inputs."

As per the issue on GitHub, non-updated nodes will be vulnerable to malicious channel closings once channel timelocks expire in two weeks. The bug impacted only LND nodes, leaving their view of the current chain state outdated, although payment transactions were still available. Some versions of electrs were also impacted, according to another issue on GitHub.
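For operators, the two conditions described above (a node running a release older than the hot fix, and a node whose chain view has stopped advancing) can be checked from the JSON printed by `lncli getinfo`. The following is an added example, not code from Lightning Labs or the original article; the sample output, the `max_lag` threshold and the idea of taking the reference height from an independent node (for instance `bitcoin-cli getblockcount`) are assumptions.

```python
import json
import re

HOTFIX = (0, 15, 4)  # hot fix release named in the article

# Constructed sample of `lncli getinfo` output (values are illustrative).
SAMPLE_GETINFO = """
{
  "version": "0.15.3-beta commit=v0.15.3-beta",
  "block_height": 1000,
  "synced_to_chain": false
}
"""

def parse_version(text):
    """Extract (major, minor, patch) from an lnd version string."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised lnd version: {text!r}")
    return tuple(int(p) for p in m.groups())

def assess(getinfo_json, backend_height, max_lag=2):
    """Return a list of findings for one node; an empty list means healthy.

    backend_height is the chain tip reported by an independent source
    (assumption: e.g. `bitcoin-cli getblockcount` on a Bitcoin Core node).
    """
    info = json.loads(getinfo_json)
    findings = []
    try:
        # Assumption: any release below the hot fix is treated as unpatched.
        if parse_version(info.get("version", "")) < HOTFIX:
            findings.append("unpatched")
    except ValueError:
        findings.append("version-unknown")
    # A node stuck on an unparseable block keeps its old height while the
    # reference tip moves on, so the gap grows with every new block.
    lag = backend_height - int(info.get("block_height", 0))
    if lag > max_lag:
        findings.append(f"stalled:{lag}")
    elif not info.get("synced_to_chain", False):
        findings.append("not-synced")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE_GETINFO, backend_height=1012))
```
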

The bug was triggered by a developer dubbed Burak on Twitter, with a message in the transaction saying: "you'll run cln. and you'll be happy."

Sometimes to find the light, we must first touch the darkness. https://t.co/dhCwF0DxpE

— Burak (@brqgoo) November 1, 2022

Burak was also responsible for triggering a similar bug on Oct. 9, when they created a 998-of-999 multisig transaction that was rejected by btcd and LND nodes, leading to the rejection of the whole block and all blocks following the transaction. On the same day, Lightning Labs released a patch to fix the issue.

I just did a 998-of-999 tapscript multisig, and it only cost $4.90 in transaction fees. https://t.co/CvBHaRAqPu

— Burak (@brqgoo) October 9, 2022

On Twitter, users suggested that it was time for an LND bug bounty program:

Savage takedown of LND lightning nodes by exploiting a consensus discrepancy between Bitcoin Core and btcd with a single Bitcoin transaction. Encoded message: "you'll run cln. and you'll be happy." Probably not a "responsible disclosure". Time for an LND bug bounty program? https://t.co/sLZQIsS4Zt pic.twitter.com/S8HwKXdoip

— Stadicus (@Stadicus3000) November 1, 2022

Hacker Anthony Towns also claimed to have disclosed the vulnerability to LND developers two weeks ago, noting that "The btcd repo doesn't seem to have a reporting policy for security bugs, so not sure if anyone else working on btcd found out about it."

The Lightning Network is a second layer added to Bitcoin’s (BTC) blockchain that allows off-chain transactions, i.e. transactions between parties not on the blockchain network.
