Mysterious Bitcoin developer bitPico has confirmed rumors that they have launched an attack against the Lightning Network’s nascent mainnet implementation.
The pseudonymous individual or group made the announcement on the bitPico Twitter account, describing the attack as a “stress tool” for the LN software — which just entered beta — and claiming that it had discovered 22 attack vectors.
Developers had been monitoring the attack, a Denial-of-Service (DoS) exploit, for nearly two weeks. During that time, the previously unidentified individuals probed the security of network nodes by flooding them with requests to open payment channels.
The attack does not appear to have a financial incentive, supporting bitPico’s claim that it was altruistic in nature. User funds remain safe, and the way the attack has been carried out forces the attackers to spend their own funds spamming the network with payment channels.
Little is known about bitPico. However, the individual or group raised eyebrows last year when it claimed that it would attempt to execute the controversial SegWit2x hard fork even after its main proponents issued a joint statement withdrawing support for the fork due to a lack of community consensus.
The threat was not carried out, and no block was ever mined on the SegWit2x network. BitPico’s social media accounts then went dark for several months, before reappearing in March with a declaration that the group had begun working on the Lightning Network.
However, it’s unclear to what extent bitPico is responsible for the attacks and to what extent they are being carried out by other actors.
Though frustrating for current users, the upshot is that these attacks are shedding light on potential flaws in current LN software implementations, enabling developers to invent solutions now, when the LN is used primarily by tech-savvy users and there is little money at stake. Such bugs and security holes will need to be fixed before the LN is ready for mass usage by non-developers.
“Node hardening is in progress!” LN developer Alex Bosworth tweeted on March 25. “We’re getting a good opportunity to develop robust p2p [peer-to-peer] deployment strategies.”
Last modified: May 20, 2020 8:55 PM UTC