The lightning network is a Layer 2 payments protocol enabling ultra-fast and nearly costless transactions atop the bitcoin blockchain. In order for users to send transactions across the lightning network, they must open what are called “payments channels” to send and receive funds from other lightning users.
Presently, three autonomous teams are working on the Lightning Network implementations: Blockstream, ACINQ, and Lightning Labs. The main objective of these teams, among other things, is to reduce transaction costs while enhancing the scalability and security of the Bitcoin network.
A Threat Barely Avoided
Rusty Russell, a developer at Blockstream, first announced the bug on August 30 but did not reveal the details until Friday, to allow for a network-wide update that patched the problem. Russell published his solution to the exploit on the Lightning developers mailing list, noting that all major apps that run on the Lightning Network have already been fixed.
“An attacker can claim to open a [lighting payments] channel but either not pay to the peer, or not pay the full amount,” Russell wrote in the full disclosure.
While this long-standing bug had not been independently discovered, and thus was unlikely to be discovered by a malicious party before being fixed, it did provide an opportunity to test communications and methods of upgrade across the entire lightning ecosystem.”