We collect cookies to analyze our website traffic and performance; we never collect any personal data.Cookies Policy
Accept
Michigan Post
Search
  • Home
  • Trending
  • Michigan
  • World
  • Politics
  • Top Story
  • Business
    • Business
    • Economics
    • Real Estate
    • Startups
    • Autos
    • Crypto & Web 3
  • Tech
  • Lifestyle
    • Lifestyle
    • Food
    • Beauty
    • Art & Books
  • Health
  • Sports
  • Entertainment
  • Education
Reading: Bitcoin Lightning bug may jam and steal thousands and thousands of {dollars}
Share
Font ResizerAa
Michigan PostMichigan Post
Search
  • Home
  • Trending
  • Michigan
  • World
  • Politics
  • Top Story
  • Business
    • Business
    • Economics
    • Real Estate
    • Startups
    • Autos
    • Crypto & Web 3
  • Tech
  • Lifestyle
    • Lifestyle
    • Food
    • Beauty
    • Art & Books
  • Health
  • Sports
  • Entertainment
  • Education
© 2024 | The Michigan Post | All Rights Reserved.
Michigan Post > Blog > Crypto & Web 3 > Bitcoin Lightning bug may jam and steal thousands and thousands of {dollars}
Crypto & Web 3

Bitcoin Lightning bug may jam and steal thousands and thousands of {dollars}

By Editorial Board Published December 11, 2024 5 Min Read
Share
Bitcoin Lightning bug may jam and steal thousands and thousands of {dollars}

Bitcoin developer Antoine Riard has disclosed two new bugs that have an effect on rich node operators throughout the Lightning Community, a funds protocol with over $500 million price of BTC capability.

The transaction jamming assault exploits Bitcoin Core software program’s transaction choice, announcement, and propagation mechanisms of Lightning Community-connected Bitcoin full nodes.

Dubbed “transaction relay throughput overflow attacks,” the bugs permit an assailant to steal bitcoin (BTC) from the wealthiest Lightning nodes. Though there’s no proof {that a} thief has really exploited these bugs, Lightning implementation suppliers Éclair and Core Lightning are already engaged on software program patches.

Particularly, the cost- and time-intensive assault is barely well worth the effort for victims with greater than roughly $130,000 price of BTC and is greatest suited to nodes holding above half one million {dollars}.

Bitcoin Lightning transaction relay throughput overflow assaults

The assault would allow a thief to steal funds from the sufferer’s Lightning channel by stopping time-sensitive transactions similar to justice transactions from propagating by the community. After jamming the node for 32 Bitcoin blocks (Core Lightning defaults) or 140 blocks (Éclair defaults), the robber may make off with an irrevocable bounty.

In common clock time, that may imply roughly 5.5 hours to steal from a default Core Lightning node or 24 hours for a node working Éclair default software program.

By default, nodes restrict the variety of unconfirmed transactions they transmit or settle for at any given time to cut back the possibility of assorted denial-of-service (DoS) assaults. The attacker can conduct a excessive overflow jamming assault that blocks the sufferer from sending a justice transaction by repeatedly overwhelming the node with excessive price charge transactions. 

By default, a Bitcoin Core node will all the time select to propagate the best price transactions first and queue decrease price transactions — even when a type of decrease price transactions is the nodes’ personal Lightning Community justice transaction.

That is one bug that Core Lightning and Éclair are patching, because of Riard’s accountable disclosure.

Once more, the excessive overflow jamming assault blocks the sufferer from sending an anti-theft transaction by repeatedly overbidding with larger price transactions, therefore the title “high overflow.”

For that reason, the assault is pricey — with preliminary estimates north of $130,000 all through the hours of the assault.

Along with this excessive overflow jamming assault, Riard defined one other variation of the transaction jamming bug: low overflow.

A variation with hundreds of low-fee transactions

The low overflow is a less expensive variant however much less dependable for the attacker. Right here, to economize, the attacker targets a sufferer attempting to ship a transaction to nodes with a most unrequested transactions queue of 5,000 per peer.

The attacker floods the sufferer with numerous transactions utilizing a minimal transaction price charge. The sufferer then broadcasts these transactions to its friends and the friends attempt to drain the queue by requesting these transactions. If the attacker can keep a queue of over 5,000 transactions, the assault could be profitable. 

Technically talking, the low overflow assault leverages Lightning nodes’ interplay with Bitcoin Core’s MAX_PEER_TX_ANNOUNCEMENTS default, inflicting inbound transactions to overflow this threshold.

Patching the bug

Riard proposed a number of mitigations for Lightning Community node software program implementations. These suppliers are engaged on patches, together with random transaction rebroadcasting, extra aggressive fee-rebroadcasting, limitation of equivalent finality time-sensitive transactions, and over-provisioning of transaction relay throughput with peer nodes.

He additionally proposed modifications to Bitcoin Core itself to help Lightning Community operators. Nonetheless, modifications to Bitcoin Core sometimes take far longer and want extra evaluations than Lightning software program implementations.

Riard’s Crucial Vulnerability Error (CVE) request quantity 178025 is monitoring bug patches of his excessive and low transaction relay throughput overflow assaults.

TAGGED:bitcoinbugdollarsjamLightningmillionssteal
Share This Article
Facebook Twitter Email Copy Link Print

HOT NEWS

Shohei Ohtani’s strong begin units the tone as Dodgers defeat Giants to finish dropping streak

Shohei Ohtani’s strong begin units the tone as Dodgers defeat Giants to finish dropping streak

Sports
July 12, 2025
Donald Trump threatens to revoke Rosie O’Donnell’s US citizenship

Donald Trump threatens to revoke Rosie O’Donnell’s US citizenship

Donald Trump has stated he's contemplating "taking away" the US citizenship of actress and comic…

July 12, 2025
BST Hyde Park’s remaining day cancelled as Jeff Lynne’s ELO pulls out of headline slot

BST Hyde Park’s remaining day cancelled as Jeff Lynne’s ELO pulls out of headline slot

BST Hyde Park pageant has cancelled its remaining evening after Jeff Lynne's Electrical Mild Orchestra…

July 12, 2025
The Quiet Strength of Brenda’s Verse: A Journey Through Poetry and Faith

The Quiet Strength of Brenda’s Verse: A Journey Through Poetry and Faith

In a world that often feels like it’s moving too fast, Brenda Sanders, a 69-year-old…

July 12, 2025
Michigan girl dies whereas working extremely marathon in Colorado

Michigan girl dies whereas working extremely marathon in Colorado

DENVER (KDVR) — A 60-year-old girl from Michigan died whereas working the extremely marathon Hardrock…

July 12, 2025

YOU MAY ALSO LIKE

Bitcoin increase provides billions to those authorities holdings

As bitcoin’s (BTC) worth reached new all-time highs of $118,000, international locations with the forex of their reserves or below…

Crypto & Web 3
July 11, 2025

Bitcoin hits new all-time excessive, outpaces Meta, Alphabet, Saudi Aramco

Though it dominated headlines and celebrations throughout crypto social media, bitcoin (BTC) was simply one among many property to realize…

Crypto & Web 3
July 11, 2025

James Wynn loses all of it, once more, shorting bitcoin

After dropping $100 million on leveraged Hyperliquid trades earlier this yr, James Wynn returned to social media to brag about…

Crypto & Web 3
July 11, 2025

Hayden Davis despatched thousands and thousands in crypto weeks earlier than LIBRA promo

Hayden Davis reportedly moved over $3.7 million price of crypto within the weeks main as much as Javier Milei’s LIBRA…

Crypto & Web 3
July 10, 2025

Welcome to Michigan Post, an esteemed publication of the Enspirers News Group. As a beacon of excellence in journalism, Michigan Post is committed to delivering unfiltered and comprehensive news coverage on World News, Politics, Business, Tech, and beyond.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • Accessibility Statement

Contact Us

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 | The Michigan Post | All Rights Reserved

Welcome Back!

Sign in to your account

Lost your password?