An unfortunate event happened in the Bitcoin Lightning Network recently. According to the recent announcement made on Twitter by Lightning Labs, the network is currently being exploited due to a vulnerability.
📢Important security update📢
Update your Lightning nodes immediately as we’ve confirmed instances of the CVE being exploited.
These versions are vulnerable:
• lnd 0.7 and below
• c-lightning 0.7 and below
• eclair 0.3 and below
More info here: https://t.co/GxMDcXwhF9
— Lightning Labs⚡️ (@lightning) September 10, 2019
According to the tweet, all Ind 0.7, c-lightning 0.7, eclair 0.3 and their editions below that are possible to be affected by the exploit, so people should upgrade to the latest version of the system in order to protect themselves from the attack. The latest versions, 0.7.1 and 0.3.1, are not subject to the attacks.
Olaoluwa Osuntokun, the Chief Technology Officer (CTO) at Lightning Labs, affirmed that there are several cases of people exploiting the network. The exploit was originally discovered a few days ago by Rusty Russel, another LN coder.
According to Russel, security vulnerabilities could make several projects to lose funds. He did not disclaim exactly what was the bug, obviously, in order to protect the users, but someone or a group of people may have discovered the exploit and is using it to steal money from the LN.
The Twitter profile also warned people that LN technology is prone to have bugs as it is still during its experimental phases. Because of this, nobody should put more money on the network than they were willing to lose if a bug happens.