{"id":14231,"date":"2023-11-27T03:13:55","date_gmt":"2023-11-27T03:13:55","guid":{"rendered":"https:\/\/cryptoheretostay.com\/?p=14231"},"modified":"2023-11-27T03:13:56","modified_gmt":"2023-11-27T03:13:56","slug":"lightning-devs-must-wake-up-and-fix-security-bugs-not-please-vcs-bitcoin-dev","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=14231","title":{"rendered":"Lightning devs must \u2018wake up\u2019 and fix security bugs, not please VCs: Bitcoin dev"},"content":{"rendered":"<p>Developers working on the Bitcoin layer 2 Lightning Network have become less security-oriented and more focused on producing cash flow for their investors, argues a former Lightning Network developer.<\/p>\n<p>Bitcoin core developer and security researcher\u00a0Antoine Riard made headlines last month\u00a0after leaving the Lightning ecosystem\u00a0over concerns about a new attack vector called \u201creplacement cycling,\u201d which exploiters could potentially use to steal funds by targeting payment channels.<\/p>\n<p lang=\"en\" dir=\"ltr\">How does a lightning replacement cycling attack work?<\/p>\n<p>There&#8217;s a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.<\/p>\n<p>So here&#8217;s an illustrated primer&#8230;<\/p>\n<p>1\/n pic.twitter.com\/mvvS8bEc5f<\/p>\n<p>\u2014 mononaut (@mononautical) October 21, 2023<\/p>\n<p>At 
the time, Riard said the new class of attacks puts Lightning in a \u201cperilous position&#8221; though other Bitcoin developers such as \u201cMachine98\u201d suggested\u00a0it is a difficult attack to pull off in the first place.<\/p>\n<p>Riard told Cointelegraph that he\u2019s now working at the Bitcoin base layer to address the issue and urged Lightning developers to follow suit:<\/p>\n<p>\u201c[They need to] wake up, stop the sleepwalking and go to the whiteboard to design a robust and sustainable fix in hand with other developers at the base-layer, preserving the long-term decentralization and openness of Lightning.\u201d<\/p>\n<p>Riard also claimed that many Lightning-focused firms are compromising Lightning\u2019s mission and security incentives for the sake of pleasing venture capitalists:<\/p>\n<p>\u201cThe sad fact being most of them are working for VC-funded entities, or commercial entities with the same low-time preference, at the long-term detriment of end-users.\u201d<\/p>\n<p>Riard said it\u2019s a classic example of the \u201ctragedy of the commons\u201d \u2014 where individuals and entities with access to a public resource act in their own interest and deplete it.<\/p>\n<p>Decentralization appears to be a trade-off that these VC-funded Lightning firms are willing to make, which is a major concern to Riard.<\/p>\n<p>\u201cCentralized systems are great in the scale of efficiency, however they come with the downside of systemic single-point-of-failure and lower cost of user censorship, fundamental risks that one might wish to hedge against as a Bitcoiner.\u201d<\/p>\n<p>\u201cI&#8217;m not sure this is an interesting Lightning future,\u201d Riard said. In fact, it is something which he wants no part of, after departing from the Lightning ecosystem on Oct. 20:<\/p>\n<p>\u201cI do not wish to be associated with being in charge or accountable of the Lightning Network security, and the ~5,300 BTC exposed here. 
There is little [I and others] can do to halt the haemorrhage, without compromising the core values of censorship-resistance and permissionless of the Lightning Network.\u201d<\/p>\n<p lang=\"en\" dir=\"ltr\">Lightning is the best solution currently available, but it&#8217;s not good enough.<\/p>\n<p>Lightning has several fundamental flaws, where each of them make the system as a whole a dead end for bitcoin, long term. An attempt at explaining these, and what we should do instead.<\/p>\n<p>Liquidity\u2026<\/p>\n<p>\u2014 torkel (@torkelrogstad) November 20, 2023<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Bitcoin Lightning Network growth jumps 1,200% in 2 years<\/em><\/strong><\/p>\n<p>The Lightning Network is the second-layer solution built over the Bitcoin blockchain. It is designed to improve the scalability and efficiency of Bitcoin.<\/p>\n<p>Through the Lightning Network, users can open payment channels, conduct multiple transactions off-chain, and settle the final result on the Bitcoin blockchain. The replacement cycling attack is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting inconsistencies between individual mempools.<\/p>\n<p>Cointelegraph reached out to Lightning Labs and other firms in the Lightning ecosystem but did not receive a response.<\/p>\n<p lang=\"en\" dir=\"ltr\">Don&#8217;t get me wrong here: Lightning is great! Always still amazed when using it.<br \/>The point is that it can&#8217;t scale enough. And Ark is not a competitor but more of an add-on. Gives you all the advantages of Cashu but without requiring trust.<\/p>\n<p>All we need is covenants. 
Ideally, CAT https:\/\/t.co\/nhrmvqPYf0<\/p>\n<p>\u2014  \u044fobin linus (@robin_linus) November 19, 2023<\/p>\n<p>However, despite the security concerns and potential move toward centralization, Riard explained that Lightning hasn\u2019t seen as many attacks as many Ethereum layer 2s because Lightning users typically only store a small amount of funds in their wallets at any given time.<\/p>\n<p>A total of $194.1 million in BTC is locked in the Lightning Network, according to DeFiLlama.<\/p>\n<p><strong><em>Magazine:<\/em><\/strong><strong><em> <\/em><\/strong><strong><em>Should you \u2018orange pill\u2019 children? The case for Bitcoin kids books<\/em><\/strong><\/p>\n<p><a href=\"https:\/\/cointelegraph.com\/news\/lightning-developers-wake-up-fix-replacement-cycling-bitcoin-dev\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Developers working on the Bitcoin layer 2 Lightning Network have become less security-oriented and more focused on producing cash flow for their investors, argues a former Lightning Network developer. 
Bitcoin core developer and security researcher\u00a0Antoine Riard made headlines last month\u00a0after leaving the Lightning ecosystem\u00a0over concerns about a new attack vector called \u201creplacement cycling,\u201d which exploiters [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14232,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[2],"tags":[],"class_list":["post-14231","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bitcoin-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/14231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14231"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/14231\/revisions"}],"predecessor-version":[{"id":14233,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/14231\/revisions\/14233"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/14232"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14231"}],"curies":[{"name":"wp","hr
ef":"https:\/\/api.w.org\/{rel}","templated":true}]}}