We collect cookies to analyze our website traffic and performance; we never collect any personal data.Cookies Policy
Accept
Michigan Post
Search
  • Home
  • Trending
  • Michigan
  • World
  • Politics
  • Top Story
  • Business
    • Business
    • Economics
    • Real Estate
    • Startups
    • Autos
    • Crypto & Web 3
  • Tech
  • Lifestyle
    • Lifestyle
    • Food
    • Beauty
    • Art & Books
  • Health
  • Sports
  • Entertainment
  • Education
Reading: Bitcoin Lightning bug permits distant theft of bitcoin through LND nodes
Share
Font ResizerAa
Michigan PostMichigan Post
Search
  • Home
  • Trending
  • Michigan
  • World
  • Politics
  • Top Story
  • Business
    • Business
    • Economics
    • Real Estate
    • Startups
    • Autos
    • Crypto & Web 3
  • Tech
  • Lifestyle
    • Lifestyle
    • Food
    • Beauty
    • Art & Books
  • Health
  • Sports
  • Entertainment
  • Education
© 2024 | The Michigan Post | All Rights Reserved.
Michigan Post > Blog > Crypto & Web 3 > Bitcoin Lightning bug permits distant theft of bitcoin through LND nodes
Crypto & Web 3

Bitcoin Lightning bug permits distant theft of bitcoin through LND nodes

By Editorial Board Published February 19, 2025 3 Min Read
Share
Bitcoin Lightning bug permits distant theft of bitcoin through LND nodes

A serious bug panicked Bitcoin Lightning customers immediately. Senior Bitcoin developer “Calle” alerted node operators operating software program older than Lightning Community Daemon (LND) Model 0.18.5 or LITD Model 0.14.1.

The vulnerability pertains to how LND checks description fields for the settlement of Lightning invoices. Intelligent hackers discovered a strategy to manipulate the cost state of such invoices to remotely drain funds.

Satoshi Labs co-founder Pavol Rusnak rang an identical alarm bell. As posts gained tens of 1000’s of impressions, customers of the Lightning community unfold the message in regards to the imminent menace of theft.

Lightning is a mesh community of roughly 5,000 BTC that transfer sooner and cheaper than common, on-chain BTC. By routing funds by way of 44,000 public channels connecting over 16,000 nodes, Lightning customers sacrifice the total safety and decentralization of BTC for velocity, thrift, and further features.

In addition they expose themselves to Lightning-specific bugs that don’t have an effect on the bottom layer.

🚨 LND exploit within the wild 🚨

In case you are operating LND older than 0.18.5 and/or LITD older than 0.14.1, improve instantly. Apparently, affected Lightning nodes could be utterly drained by attackers.

— calle (@callebtc) February 19, 2025

Patching Bitcoin Lightning nodes to LND 18.5

Newly launched node softwares LND 0.18.5 and LITD 0.14.1 patch this distant menace vector. Disturbingly, LND 18.5 was simply launched final week, so many LND nodes are nonetheless old-fashioned and susceptible.

Out-of-date LND nodes quantity within the tons of or low-single-digit 1000’s as of publication time. LND has traditionally been the popular software program for many Lightning node operators.

The bug includes an incapability to cancel AMP invoices if they’ve a settled sub-invoice. Lightning developer often known as ziggie1984 posted a patch request that recommended permitting AMP invoices to run out even when they’ve a settled sub-invoice.

Effet Cantillon posted some reassurance that retailers utilizing Lightning Labs’ software program is perhaps high quality in the event that they don’t have their LND node work together with invoices generated by companies like BTCPay.

BTCPay Server apparently upgraded its LND node to 0.18.5 only in the near past.

A fast evaluation of feedback to standard posts on X revealed a couple of real-world situations of precise theft of funds, though the vulnerability could be very a lot reside as of publication time and theft particulars had been sparse.

All main Lightning builders advisable upgrading to the newest model of LND, which fixes the exploit.

Lightning Labs personnel, the leaders of LND, haven’t issued an official assertion but. A pull request on GitHub signifies that its improvement group was conscious of the difficulty three weeks in the past.

TAGGED:bitcoinbugLightningLNDnodesremoteTheft
Share This Article
Facebook Twitter Email Copy Link Print

HOT NEWS

Conflict Bankrupts Empires, Nations & Metropolis-States – Right here We Go Once more | Economics

Conflict Bankrupts Empires, Nations & Metropolis-States – Right here We Go Once more | Economics

Economics
July 27, 2025
Sir Keir Starmer set for Donald Trump commerce talks as PM walks diplomatic line between EU allies and US on Gaza

Sir Keir Starmer set for Donald Trump commerce talks as PM walks diplomatic line between EU allies and US on Gaza

Gaza and transatlantic commerce are set to dominate talks between Donald Trump and Sir Keir…

July 27, 2025
AG Nessel points assertion following Traverse Metropolis Walmart stabbing

AG Nessel points assertion following Traverse Metropolis Walmart stabbing

LANSING, Mich. (WLNS) — Michigan Lawyer Normal Dana Nessel has issued the next assertion after…

July 27, 2025
Commerce Dustin Could? Dodgers pitcher struggles in loss to Crimson Sox as deadline rumors swirl

Commerce Dustin Could? Dodgers pitcher struggles in loss to Crimson Sox as deadline rumors swirl

BOSTON — On a day the Dodgers have been going through considered one of their former longtime…

July 27, 2025
England maintain nerve in penalty shootout to win Girls’s Euros once more

England maintain nerve in penalty shootout to win Girls’s Euros once more

England have retained their Girls's Euros title after beating Spain on penalties in a tense…

July 27, 2025

YOU MAY ALSO LIKE

Are bitcoin treasuries mirroring the 1929 funding belief collapse?

Because the bitcoin (BTC) treasury firm bubble of spring 2025 deflates into summer season doldrums, historians of public trusts are…

Crypto & Web 3
July 25, 2025

How XRP misplaced its first 32,569 ledgers — and why it issues

Ripple founders and early insiders launched the XRP Ledger in June 2012 and misplaced all of its knowledge by New…

Crypto & Web 3
July 25, 2025

WOO X continues to freeze withdrawals as hack particulars emerge

The Taiwan-based crypto trade WOO X nonetheless hasn’t lifted its momentary withdrawal ban after $14 million in crypto was stolen…

Crypto & Web 3
July 25, 2025

Crypto change WOO X suspends withdrawals, customers hacked for $14M

Taiwan-based crypto change WOO X has briefly frozen withdrawals after $14 million price of crypto was stolen from 9 customers…

Crypto & Web 3
July 24, 2025

Welcome to Michigan Post, an esteemed publication of the Enspirers News Group. As a beacon of excellence in journalism, Michigan Post is committed to delivering unfiltered and comprehensive news coverage on World News, Politics, Business, Tech, and beyond.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • Accessibility Statement

Contact Us

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 | The Michigan Post | All Rights Reserved

Welcome Back!

Sign in to your account

Lost your password?