According to network security specialists, in 2016 a team of virtual asset enthusiasts implemented Lightning Network, a project that provides greater scalability by creating a second layer on top of the Bitcoin blockchain, with the goal of improving the speed of transactions by eliminating the need for everyone on the network to approve them.
Although it is indeed useful to users, some security vulnerabilities have been discovered on the network, all thanks to a security audit conducted a few months ago.
The work of Blockstream, a blockchain technology firm, has been instrumental in this discovery. In addition to its corporate projects, this company has actively collaborated on the development of Lightning Network, especially with the creation of “c-lightning”, an implementation of this network in the C programming language, as mentioned by specialists in network security.
A team of Blockstream developers collaborated on an investigation into the polling mechanisms Lightning uses to determine whether these processes could be exploited by threat actors to gain access to sensitive cryptocurrency transaction data. After the investigation, specialists determined that there are two possible attack variants:
- A malicious actor, through an active probe, attempts to determine the maximum amount that can be transferred through a connected target channel
- A timing attack that is triggered when a hacker tries to figure out how close the destination of a routed payment really is
Network security specialists demonstrated that it is possible to track channel payments on any node accessible from the attacking node, as long as there is only one channel whose balance is lower than or equal to the second lowest balance on the path from the attacking node. However, the researchers also noted that nodes that are declared private could avoid being transmitted, something that could be useful for mobile cryptographic wallets or nodes with limited uptime, such as PCs.
The International Cyber Security Institute (IICS) mentions that these reports will be useful to Lightning Network developers, allowing the blockchain to be ready for its transition to the mass adoption of this technology.