News in Brief – ‘The Flood & Loot Attack’
- Bitcoin’s Lightning Network promises to alleviate Bitcoin’s known scalability problems.
- According to new research, “Bitcoin’s Lightning Network Is Vulnerable to Looting”.
- The research was led by computer scientists, who add that attackers may ‘loot’ bitcoin using the Lightning Network.
- The researchers described the attack in a research paper titled “Flood & Loot: A Systemic Attack on the Lightning Network.”
Bitcoin Lightning Network and Possible Threat
While Bitcoin is the leading cryptocurrency, its network is often criticized for how slowly it executes transactions. This is why the Lightning Network, a second-layer payment protocol, emerged, and it performs better. The protocol is designed to solve this problem by moving payments off the Bitcoin blockchain.
According to the researchers, however, attacking the Lightning Network is not very hard and is very profitable for attackers. The attack takes advantage of the fact that the Lightning Network is still tied to the underlying Bitcoin blockchain.
What is the ‘Flood & Loot Attack’ in LN?
Lightning works best when use of the underlying blockchain is kept to a minimum. The ‘flood’ is created when a cluster of Lightning nodes close their channels at once, which is more than the Bitcoin blockchain can easily handle.
The attack proceeds as follows:
- Set up the plot and wait
The attacker first sets up the plot by creating a ‘source node’ that opens channels to many victim nodes and funds those channels, probably when fees are low. The attacker then creates a ‘target node’ to receive the payments. After setting up, he waits for the right moment to carry out the attack.
- Initiate Multiple Payments
The attack is launched by initiating multiple Hash Time-Locked Contracts (HTLCs), which are secured using cryptography, from the source node to the target node. These HTLCs are loaded with liquidity.
- Accept Payments
Once the payments reach the target node, it accepts them and sends back the secret to confirm receipt of the transaction. The HTLC secrets make their way back to the source node, which does not respond, so the channels holding the HTLCs remain open.
- Claim Expired HTLC
This is the final phase of the attack. When the victims attempt to close their channels with the source node and claim the HTLCs, the attacker floods the blockchain with many transactions at once. Due to the congestion, the victims’ transactions do not make it into blocks and the HTLCs expire. The attacker then claims these HTLCs.
Outcomes of the Attack
The researchers ran the attack using dummy coins and reported these findings:
- Whenever a channel is closed, it generates one more transaction, which is pushed onto the Bitcoin blockchain. Hence the attacker will try to force as many channels as possible to close for the attack to succeed.
- The researchers found that closing 85 channels at once can lead to a successful attack.
- On average, the attacker targets 100 such channels, about more than 7,000 HTLCs, worth $138 of Bitcoin.
- Less block space leads to higher chances of attack.
- Setting up the nodes was very easy.
Can these Attacks be Prevented?
As we have seen, the attacks are very systematic and well planned, and hence very tough to eliminate. But the researchers have suggested many strategies to fix these issues and protect users’ funds.
One of the strategies is to extend the HTLC expiry time so that the user gets more time to claim before expiry. This is the main loophole that the attacker takes advantage of for a successful attack.
Another strategy involves the use of ‘Anchor Outputs’, special outputs in the Lightning Network that are designed to allow a transaction to be fee-bumped.
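A back-of-the-envelope model of why the first strategy above helps, as an added example that is not from the research paper: it counts how many HTLC claims are still unconfirmed when the timelock runs out, and the smallest expiry that clears the backlog. The block capacity, the HTLC counts and the one-block delay between a close and its claims are constructed assumptions, not measurements.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Scenario:
    channels: int           # channels force-closed at the same time
    htlcs_per_channel: int  # unresolved HTLCs the victim must claim per channel
    txs_per_block: int      # block space these transactions can get (assumed)
    expiry_blocks: int      # blocks between the close and HTLC expiry

def unclaimed_at_expiry(s: Scenario) -> int:
    """HTLC claims still unconfirmed when the timelock runs out."""
    closes_left = s.channels
    claimable = 0  # claims whose channel close is already confirmed
    for _ in range(s.expiry_blocks):
        space = s.txs_per_block
        # Assumption: a claim confirms no earlier than the block after its close.
        done = min(claimable, space)
        claimable -= done
        space -= done
        closed = min(closes_left, space)  # one closing transaction per channel
        closes_left -= closed
        claimable += closed * s.htlcs_per_channel
    return claimable + closes_left * s.htlcs_per_channel

def min_safe_expiry(s: Scenario, limit: int = 10_000) -> int:
    """Smallest expiry (in blocks) that lets every claim confirm in this model."""
    for blocks in range(1, limit + 1):
        if unclaimed_at_expiry(replace(s, expiry_blocks=blocks)) == 0:
            return blocks
    raise ValueError("no expiry within limit clears the backlog")

if __name__ == "__main__":
    # Constructed scenarios, not figures from the paper.
    for s in (Scenario(10, 70, 500, 10), Scenario(100, 70, 500, 10)):
        print(s, "unclaimed:", unclaimed_at_expiry(s),
              "safe expiry:", min_safe_expiry(s))
```

In this model the required expiry grows with the number of channels closed together, which is why a timelock that is comfortable for a few closes can be too short for a mass close.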
On the Whole
The fact is that the Lightning Network increases the speed of Bitcoin payments, and if this ‘Flood & Loot Attack’ is prevented, many people can use it at once. The researchers say that there is still hope, and that a lot of work needs to be done to eliminate the possible attacks.
As the network grows, new problems and issues emerge and are researched, and one day they can probably be fixed. However, users who have learned about these attacks seem to be unhappy.
One of the users said that pasting one layer on another cannot eliminate the attack risk and LN developers and users need to understand this.
Another user said that the main problem with the lightning network is the use of too many variables in the transaction which gives a free hand for human error.
In a nutshell, while the Bitcoin Lightning Network can no doubt increase the speed of the present Bitcoin blockchain payment system, it is still not ready for ‘prime time’ and more work needs to be done.