Bitcoin’s Lightning Network was recently attacked and partially disabled. The attack was executed by the pseudoanonymous group “bitPico”.
Before reading on, we recommend reading our Introduction to Lightning Network.
bitPico originally voiced their concerns about LN vulnerabilities because of a successful DoS attack on the LN they had executed.
DoS or Denial of Service attacks happen when a server is so overwhelmed with connection attempts that it crashes. A type of DoS called DDoS is when thousands or millions of devices are hijacked to do the same thing but distributed – from all over the world – as was the case when hacked unsecured cameras crashed a big part of the global internet.
The bitPico attack was a DoS attack in that it consists of many nodes opening connections to existing LN nodes. The nodes save data for which there is no room in memory to the hard drive, and then read it into memory as capacity frees up. BitPico attacked them in such a way that they opened many connections to many nodes which then had no choice but to write data to the hard drives, thereby crashing when space ran out.
No data was lost, it’s all restored when the node reboots, but it’s an inconvenience which makes the LN very hard to use. This attack isn’t financially devastating or even long-term harmful, and it’s not free either because as we learned in the LN intro, opening channels with people costs money. Such transactions, despite costing only a few cents, amount to non trivial amounts in such volumes.
BitPico said they did this in order to secure the network by pointing out its weaknesses, and that this is why they’re trying to attack it from multiple angles. According to what we’ve seen so far, they’ve done a good job – some fixes have already been suggested.
We consider attacks like these extremely useful for the ecosystem as a whole. It’s important to stress test any network well before large amounts of money get locked in it and more damage is done. The only way to build high quality impenetrable software is by proving it to be penetrable as many times as possible.
While attacks of this kind do no financial harm to the participants, other attacks might not be as innocent if discovered too late.