Top Bitcoin Developer Resigns, Warns Of Lightning Network Vulnerabilities That Put Customer Funds At Risk
KEY POINTS
- Antoine Riard believes the Bitcoin community is currently faced with a "hard dilemma"
- He attributes this to a new set of replacement cycling attacks that could put the Lightning Network in a "very perilous position"
- Riard is convinced that the sustainable fix could "only happen at the base layer"
Antoine Riard, security researcher and top developer of Bitcoin and the Lightning Network, has stepped down from the development team over concerns about an array of vulnerabilities and their impact on BTC's ecosystem, particularly the risk they pose to users who could lose their funds in the event of an attack.
Riard believes the Bitcoin community is currently faced with a "hard dilemma" because of a new set of replacement cycling attacks that could put the Lightning Network in a "very perilous position."
In the thread on the Linux Foundation's public mailing list, he shared his thought that the sustainable fix could "only happen at the base layer," and that this could entail the introduction of a comprehensive memory-intensive history of all transactions. Worse, it could require a consensus upgrade.
"Adding a memory-intensive history of all-seen transactions or some consensus upgrade. Deployed mitigations are worth something in [the] face of simple attacks, though I don't think they're stopping advanced attackers as said in the first full disclosure mail," Riard said in the thread.
He also noted that addressing the new type of attack might involve changes, and "those types of changes are the ones necessitating the utmost transparency and buy-in of the community as a whole, as we're altering the full-nodes processing requirements or the security architecture of the decentralized Bitcoin ecosystem in its integrality."
The vulnerabilities in question have been identified as CVE-2023-40231, CVE-2023-40232, CVE-2023-40233 and CVE-2023-40234 — which Riard referred to as "All your mempool are belong to us."
The Lightning Network is a layer-2 solution built on the Bitcoin blockchain and designed to advance the efficiency and scalability of BTC transactions by allowing off-chain, peer-to-peer transactions.
In December 2022, the Lightning Network was hit by a critical vulnerability, and many users could have lost their Bitcoin had a hacker exploited it. The bug has long been patched and the Lightning Network is now safe to use, but Riard's post-mortem of the vulnerability confirmed that many Lightning users could have ended up losing their funds.
The top developer announced that he was stepping down from the Lightning Network's development and its various implementations. "Effective now, I'm halting my involvement with the development of the lightning network and its implementations, including coordinating the handling of security issues at the protocol level," he said in the thread.
However, his motivation for making this decision remains widely discussed, particularly on social media.
Riard's latest move comes at a time when spot Bitcoin ETF applications by traditional finance giants are attracting positive market sentiment as the filings move forward, with industry watchers optimistic that they could get approved before the year ends.
Bitcoin was trading up at $29,918.84 as of 9:06 a.m. ET on Sunday, with a 24-hour trading volume up by 10.24% at $12.5 billion — representing a 0.47% increase in the last 24 hours and an 11.5% gain over the past seven days.
Bitcoin's total circulating supply stands at 19.52 million BTCs, with its value up by 0.49% to a $584.24 billion market cap, according to data from CoinMarketCap.