One of the issues still plaguing Bitcoin today is its ability to scale. The coin has become more of an investable asset than the financial network that was originally planned, but this could also be due to its low transactions per second. Bitcoin pales in comparison to Visa and Mastercard, and thus plays more like digital gold.
But all hope is not lost, as there have been big plans and initiatives to get Bitcoin back on its feet and scaled for mass use, making the network faster, more efficient and robust. One such improvement that has been doing the rounds is the Lightning Network, but this solution has been taking its time.
The Lightning Network is an excellent idea that allows the Bitcoin network to operate much more easily as a payments network, but it has yet to be implemented and operate at an acceptable level on a mass scale. Moreover, reports and research are still finding internal issues.
The latest research suggests that hackers might be able to “loot” bitcoin from others by way of the Lightning Network, according to Hebrew University of Jerusalem computer scientists Jona Harris and Aviv Zohar.
No proper settlement
Because the Lightning Network is a second-layer solution, it operates off the blockchain but is still intrinsically linked to it. This is where the vulnerability lies, according to Zohar and Harris.
“The resulting high volume of transactions in the blockchain will not allow for the proper settlement of all debts, and attackers may get away with stealing some funds,” writes Harris.
This is done when ‘flooding’ happens. The Lightning Network is a good solution because it keeps transactions away from the slow Bitcoin blockchain, but the problem comes if a mass of Lightning channels is closed at once in the “flood” portion of the attack: the underlying Bitcoin network cannot handle the volume, leading to problems.
Essentially, hackers then take advantage of this blockchain congestion to ‘loot.’ The attack relies on the Bitcoin blockchain being filled with transactions so that no more can get through. The attacker hopes they can push the contracts past the built-in deadlines. If successful, looting can occur on the expired contracts.
“By attacking many channels and forcing them all to be closed at the same time […], some of the victims’ HTLC-claiming transactions will not be confirmed in time, and the attacker will steal them,” Harris adds.
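A toy model of the congestion described above, added here as an illustration and not taken from the article or from the researchers' work: it shows how many claim transactions miss their deadline when many channels close at once and block space is limited. The `Claim` fields, the helper names and every number (channel count, block space left for claims, fee rates, deadlines) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    channel: str    # hypothetical channel label
    feerate: int    # fee offered per unit of block space (assumed units)
    size: int       # block space the claim transaction needs
    deadline: int   # last block height at which confirmation is still in time

def settle(claims, space_per_block, first_height=1):
    """Simulate fee-ordered confirmation; return (in_time, expired) channel lists."""
    # Assumption: miners fill each block with the highest fee rate first.
    pending = sorted(claims, key=lambda c: (-c.feerate, c.deadline))
    in_time, expired = [], []
    height = first_height
    while pending:
        # A claim still unconfirmed after its deadline is exposed to looting.
        expired += [c.channel for c in pending if c.deadline < height]
        pending = [c for c in pending if c.deadline >= height]
        free, waiting = space_per_block, []
        for c in pending:
            if c.size <= free:
                free -= c.size
                in_time.append(c.channel)
            else:
                waiting.append(c)   # no room in this block, retry in the next
        pending = waiting
        height += 1
    return in_time, expired

def mass_close(n_channels, deadline, feerate=10, size=1):
    """Constructed sample: n channels closed at once, one claim each."""
    return [Claim(f"chan-{i}", feerate, size, deadline) for i in range(n_channels)]

if __name__ == "__main__":
    for deadline in (5, 10):
        ok, lost = settle(mass_close(100, deadline), space_per_block=10)
        print(f"deadline={deadline} blocks: {len(ok)} in time, {len(lost)} expired")
```

In this model the exposure depends on the ratio between the number of simultaneous claims and the block space available before the deadline, which is the quantity a node operator can reason about when choosing how many channels to keep open and how long a deadline to require.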