{"id":12343,"date":"2021-09-20T21:54:04","date_gmt":"2021-09-20T21:54:04","guid":{"rendered":"https:\/\/www.buyucoin.com\/crypto-labs\/custodial-lightning-network-service-attack-discovered-by-ln-newbie-hacker-strikes-6-ln-custodians\/"},"modified":"2021-09-20T21:54:04","modified_gmt":"2021-09-20T21:54:04","slug":"custodial-lightning-network-service-attack-discovered-by-ln-newbie-hacker-strikes-6-ln-custodians","status":"publish","type":"post","link":"https:\/\/www.buyucoin.com\/crypto-labs\/custodial-lightning-network-service-attack-discovered-by-ln-newbie-hacker-strikes-6-ln-custodians\/","title":{"rendered":"Custodial Lightning Network Service Attack Discovered by LN \u2018Newbie\u2019 \u2014 Hacker Strikes 6 LN Custodians"},"content":{"rendered":"<p><strong>On September 18, a Redditor posted to the r\/bitcoin forum and explained how he discovered a way to \u201cattack [the] lightning Network\u2019s custodial services.\u201d The Reddit account dubbed \u201cReckless Satoshi\u201d wanted to figure out if a \u201cdiscrepancy between real routing fees and service\u2019s transaction fee can be exploited for a profit.\u201d The researcher disclosed that he wanted to see how large the damage could be and said \u201cit is bad.\u201d<\/strong><\/p>\n<h2>6 Lightning Network Custodial Services Attacked, Researcher Discloses Findings to Offenders Prior to Public Disclosure<\/h2>\n<p>A Redditor called <a href=\"https:\/\/www.reddit.com\/user\/Reckless_Satoshi\/\">Reckless Satoshi<\/a> published a <a href=\"https:\/\/www.reddit.com\/r\/Bitcoin\/comments\/pqjcvo\/stealing_sats_from_the_lightning_network\/\">disclosure post<\/a> on r\/bitcoin this past Saturday and disclosed how he had found a vulnerability with routing fees and some of the Lightning Network\u2019s custodial services. The research attack was done in good faith and after it was complete he disclosed the bugs to the offending services before publishing his findings. 
Reckless Satoshi used the Lightning Network (LN) attack on six different services including <a href=\"https:\/\/www.bitfinex.com\/\">Bitfinex<\/a>, <a href=\"https:\/\/muun.com\/\">Muun<\/a>, <a href=\"https:\/\/www.okex.com\/\">Okex<\/a>, <a href=\"https:\/\/lnmarkets.com\/\">Lnmarkets<\/a>, <a href=\"https:\/\/main.southxchange.com\/\">Southxchange<\/a>, and <a href=\"https:\/\/www.walletofsatoshi.com\/\">Walletofsatoshi<\/a>.<\/p>\n<p>The Reddit post published by Reckless Satoshi on September 18, 2021.<\/p>\n<p>Reckless Satoshi said the attack was \u201ccheap, but not free,\u201d and a \u201csimple attack.\u201d After depositing funds into the custodial services, Reckless Satoshi used \u201ca node that will be routing the payments between the custodial service and the receiving node.\u201d<\/p>\n<p>The attack\u2019s parameters according to the Github code published by Reckless Satoshi.<\/p>\n<p>\u201cIf a positive net return is possible, then it is just a matter of optimizing the size of the fee collected and the transaction speed rate to see how big the damage could be,\u201d Reckless Satoshi added. \u201cIt is easy to see how this attack must be feasible on any service with [a] free withdrawal fee.\u201d<\/p>\n<p>Reckless Satoshi also <a href=\"https:\/\/github.com\/Reckless-Satoshi\/ln-fee-siphoning\">published his attack<\/a> to the code repository site Github. After explaining how he placed a node in the middle, the researcher added:<\/p>\n<p>This is one of the simplest attacks. In fact, the only LN attack I can think of, but also I am just a newbie in the process of learning. I assume there are people out there much more capable of conducting this research. 
Who knows, maybe there have been sizable losses in the past that remain undisclosed.<\/p>\n<h2>Lightning Network Total Value Locked at $112 Million, Up Over 100% Since the End of July<\/h2>\n<p>The visitors who read Reckless Satoshi\u2019s forum thread thanked him for conducting the research and disclosing the bugs to specific custodial LN providers. \u201cI\u2019m glad to see that people are not hacking\/exploiting the system just for malicious purposes or to make quick profit out of it,\u201d an individual <a href=\"https:\/\/www.reddit.com\/r\/Bitcoin\/comments\/pqjcvo\/stealing_sats_from_the_lightning_network\/hdbd1ne?utm_source=share&amp;utm_medium=web2x&amp;context=3\">wrote<\/a> in response to the disclosure. Moreover, a number of Redditors discussing Reckless Satoshi\u2019s findings <a href=\"https:\/\/www.reddit.com\/r\/Bitcoin\/comments\/pqjcvo\/stealing_sats_from_the_lightning_network\/hdbpi5c?utm_source=share&amp;utm_medium=web2x&amp;context=3\">argued<\/a> over what they should <a href=\"https:\/\/www.reddit.com\/r\/Bitcoin\/comments\/pqjcvo\/stealing_sats_from_the_lightning_network\/hdci4mj?utm_source=share&amp;utm_medium=web2x&amp;context=3\">call the attack<\/a>.<\/p>\n<p>The Lightning Network total value locked (TVL) on Monday, September 20, 2021, according to defipulse.com stats.<\/p>\n<p>At the time of writing, the Lightning Network has seen its total value locked (TVL) slide by 9.3% during the last 24 hours. However, since July 20, 2021, the LN TVL jumped over 100% from $56 million that day to today\u2019s (2,600+ <a class=\"lar-automated-link\" href=\"https:\/\/markets.bitcoin.com\/crypto\/BTC\">BTC<\/a>) $112 million TVL held in the Lightning Network. 
Much of the 9.3% TVL slide on LN is due to the recent crypto market rout on Monday morning, September 20, as the crypto economy has slid 9% in value during the last 24 hours.<\/p>\n<p>Bitcoin News<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On September 18, a Redditor posted to the r\/bitcoin forum and explained how he discovered a way to \u201cattack [the] lightning Network\u2019s custodial services.\u201d The Reddit account dubbed \u201cReckless Satoshi\u201d wanted to figure out if a \u201cdiscrepancy between real routing fees and service\u2019s transaction fee can be exploited for a profit.\u201d The researcher disclosed 
that&hellip;<\/p>\n","protected":false},"author":0,"featured_media":12344,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[53,3],"tags":[],"class_list":["post-12343","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain-news","category-coin-news"],"_links":{"self":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/posts\/12343"}],"collection":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/comments?post=12343"}],"version-history":[{"count":0,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/posts\/12343\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/media\/12344"}],"wp:attachment":[{"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/media?parent=12343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/categories?post=12343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.buyucoin.com\/crypto-labs\/wp-json\/wp\/v2\/tags?post=12343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}