Bitcoin Lightning Network is a Layer-2 solution to the Bitcoin blockchain. The addition of this Network allows transactions between parties to be processed off-chain. The basic effect of this is to remove multiple micro-transactions from Bitcoin’s main chain by offering transactions at near zero cost as well as instantaneous processing speeds. [See, e.g. Get to Text. Bitcoin: The Lightning Network victim of a critical bug. (Accessed November 2, 2022)].
This saga was initiated by a twitter user identified as ‘Burak’ (@brqgoo). On Tuesday morning (November 1, 2022) ‘Burak’ allegedly caused major chaos and interruption within the Lightning Network by creating a non-standard Bitcoin transaction having the effect of preventing Network users from opening necessary connections between Lightning nodes. Here it gets slightly technical as the initiated non-standard transaction evoked Bitcoin nodes running ‘btcd’ to reject all valid incoming blocks. Then, as all Lightning Network Daemon (LND) nodes depend on information received from ‘btcd’ nodes, the LND nodes likewise denied all new channel opening requests. [See, e.g. Munawa, F. Rogue Actor Disrupts Lightning Network With a Single Transaction. (Accessed November 2, 2022)].
As a result of this problem with the ‘btcd’ wire parsing library as set forth above, some LND nodes stopped syncing. But within three hours of the system failure, a ‘hot fix’ identified as [v. 015.4] was published to Github by Lightning Labs. At that time, the Lightning community was advised to update their nodes to the updated version. [See, e.g. Kiran, S. Bitcoin Lightning Network’s LND nodes record 2nd critical bug in a month. (Accessed November 2, 2022)].
.png)
By reviewing the Github posting of the update, Lightning Labs emphasized:
This is an emergency hot fix release to fix a bug that can cause lnd nodes to be unable to parse certain transactions that have a very large number of witness inputs. This release contains no major features, and is instead just a hotfix applied on top of v0.15.3.
[Lightning Network. lnd v0.15.4-beta. (Accessed November 2, 2022)].
Furthermore, per Lightning Labs, only the LND nodes were affected by this. In two weeks when the channel timelocks expire, any nodes remaining without the update will be subject to malicious channel closures. [See, e.g. Kiran, supra].
It should be stressed that to commence this action, ‘Burak’ took to twitter, tweeting:
.png)
On October 9, 2022, the very same ‘Burak’ commenced a prior exploit of the Lightning Network by tweeting:
.png)
His action of creating a 998-of-999 multisig transaction had its desired effect of having the transaction rejected by the btcd and LND nodes resulting in the rejection of that entire block as well as the cascading effect of every block’s rejection following it. Lightning Labs was again required to issue a quick ‘hot fix’ for the ‘Burak’ problem. [See, e.g. Pereira, A.P. Lightning Network releases emergency update after critical bug on LND nodes. (Accessed November 2, 2022)].
In the aftermath of both of these exploits, those users who are taking to Twitter seem to believe the time is right to employ a ‘bug bounty program’ for this recurring LND node problem:
.png)
.png)
