Australian software programmer and open-source advocate Rusty Russell, who authored the majority of the Bitcoin Lightning Network ’s (LN) protocol specification, has warned against vulnerabilities in the Lightning Network protocol that would cause users to lose money.
The vulnerability may be related to Eclair, a Lightning Network-equipped Bitcoin wallet, which Russell advised users to update.
Russell also told users to update their Lightning Network nodes as soon as possible: "security issues have been found in various lightning projects which could cause loss of funds," he wrote in a post that was shared through a Lightning Network mailing list. "Full details will be released in 4 weeks (2019-09-27), please upgrade well before then."
He also published a tweet urging node operators to upgrade:
Upgrade #lightning nodes please! c-lightning < 0.7.1, lnd [#lessthansign] 0.7, eclair [#lessthansign]= 0.3 vulnerable:https://t.co/4E2hHUy386
— TheRustyTwit (@rusty_twit) August 30, 2019
According to a report from Forbes, the delay in the release of these “full details” is a common practice in cybersecurity to prevent exploitation of the vulnerability and to give developers ample time to address relevant issues.
Amount of payment channels and BTC have declined
The alleged vulnerability may not be the only thing that Lightning Network users should be aware of. According to a report from CoinTelegraph, the total value of Bitcoin inside of the network’s channels has declined from roughly 1100 BTC at the beginning of the year to around 850 BTC.
This could be a matter of concern because the speed of the Lightning Network speed is directly related to how much BTC is on the network. The network operates by moving BTC that already exists within the network between users; therefore, adding more BTC to the network (as is sometimes necessary) significantly increases transaction times.
The same report said that the reason behind the decline could be the fact that Bitcoin prices have gone up--Lightning Network users are taking their coins outside of the system and selling them for a profit.
Bitcoin’s increased prices could also mean that Lightning Network users have nothing to worry about--as the value of BTC increases, the size of the transactions on the network will likely decrease, meaning that there won’t be a need to add more BTC into the network.
Additionally, CEO and co-founder of RSK Labs Diego Gutierrez Zaldivar explained that as more payment channels (presumably) continue to open on the Lightning network, these kinds of drops in coin volume won’t matter so much.
“The impact of Lightning’s drop-in capacity is only temporary, and as adoption increases and ecosystem interoperability makes the network as a whole more resilient, events like these will become irrelevant,” he told CoinTelegraph. “Since off-chain networks require only a fraction of the value accessible off the chain for day-to-day transactions, this also limits the overall impact of these kinds of shortages for the end-user.”
However, this perspective may be slightly too optimistic: according to data from BitcoinVisuals, 23% of Lightning Network payment channels have shut down in the past five months alone.
CCN reported that the shrinking number of payment channels was because of a lack of good incentives for node operators: "a full-capacity Bitcoin network results in fees far too high to make micropayments worthwhile. Lightning is a way of serving transactions without having to wait until they’re confirmed in a block, thus sidestepping the competition for fees."