“Yes, we have created an attack framework for the lightning network.”
The message from “bitPico” to CoinDesk confirmed what many had read in a popular chat group, that the pseudonymous user was flooding nodes running the software with traffic with an automated “attack toolkit.”
Around the same time, a handful of developers reported lightning nodes crashing, temporarily stopping them from sending payments using the technology designed for faster, cheaper bitcoin transactions.
The development comes as more and more users have started using lightning network to send real payments – albeit with some bumps along the way – and just a couple weeks after Lightning Labs, one of several startups building open-source lightning implementations, was the first to launch its product into live beta.
The attacks were a strange incident in that user funds were safe and money wasn’t being stolen. In fact, those, including bitPico, who are attacking the network might even be losing money.
One of the first to notice the attacks, Bitrefill developer Justin Camarena, was able to fix his company’s node – and easily.
But he was confused as to why anyone would attack other lightning nodes without the lure of monetary gain. He wondered why they wouldn’t just report any issues on GitHub, so developers could fix any bugs found.
“[It] wasn’t really an attack to steal funds, but to make a statement in my opinion,” Camarena told CoinDesk.
At first, many had the same impression, since bitPico had been a vocal supporter of a controversial scaling initiative, and had continued to espouse the benefits of increasing the block size parameter, even after most network participants ditched the effort.
But, according to bitPico, the attacks aren’t just more politics; they’re all about safety:
“As people with investment into bitcoin, we want to make sure layer-two solutions do not get [zero-day’ed] out of the gate; trying as many attacks as possible is the only way to make sure.”
Zero-day vulnerabilities are security holes that aren’t known to developers of a project. Usually, they are exploited by hackers in the hopes of stealing data before the vulnerability is patched.
But bitPico’s attacks, which started about 10 days ago, are all about stress-testing the software before more people start using it. And bitPico’s plan seems to be working – to a degree.
According to bitPico, 22 different attack vectors have been found, and the pseudonymous user plans to continue the attacks for another couple of weeks.
A common annoyance
It’s worth pointing out that denial-of-service (DoS) attacks are common across the internet.
These attacks simply drown a server with so much traffic that they crash under the load. And because these are a common practice among attackers, websites will generally develop armor to protect against them.
Indeed, bitPico’s attacks are prompting lightning developers to do just that, putting forward various possible fixes. And many developers believe these current attacks will set the lightning network up for success.
For instance, bitcoin advocate and author Andreas Antonopoulos blithely called the attacks “free testing,” while some developers just laughed them off.
“Frankly that’s to be expected for any service that is exposed to the internet and [it] doesn’t qualify as a real attack in my view,” said Pierre-Marie Padiou, CEO of ACINQ, a French startup behind another lightning client.
Developer Alex Bosworth has started using firewall software, called iptables, to prevent this traffic from disrupting legitimate transactions.
But the attacks are ongoing, propagated by users like bitPico opening tiny payment channels – which they have to pay a fee for opening. (This is one way attackers are probably losing money in DoSing the network – though it costs less than a penny to do so.)
This is a problem in that the Lightning Labs client, for one, doesn’t yet allow nodes to disconnect from these spammy channels, thus slowing them down.
In the future, Bosworth hopes the Lightning Labs implementation will allow users to disconnect from suspect peers.
Still, the attacks are merely what Bosworth and Camerena call an “annoyance.” “They wasted their fee to make that channel. It’s just bugging me,” Bosworth said.
Accidents, not attacks
All this goes to show that while the lightning network is ready for real money for the first time – a big step, to be sure – there’s still a number of smaller issues that need to be resolved before it will be ready for everyday, non-technical users.
This was on full display in another scenario recently: what developers initially thought was an attack, then turned out to be a simple mistake.
A little over a week ago, Bosworth tweeted that an “attacker” has broadcast an old “channel state,” which could have allowed the user to effectively steal another user’s funds.
Toward that, Bosworth tweeted, “Lightning DoSers seem organized and motivated.”
But the network’s rules worked as programmed, penalizing the user $25-worth of bitcoin instead.
“Justice has been served,” Camarena tweeted at the time, after seeing the message the program spits out when a bad actor tries to steal money by broadcasting an old transaction.
“That is exactly how it should respond. That was pretty interesting to see it play out for real,” Bosworth told CoinDesk.
Yet, while the revocation process worked, it also displayed that there are still more tweaks needed, as the software shouldn’t have let the user send old data in the first place.
As it turned out, broadcasting the old data was an accident on the part of a user with a corrupted channel database, who restored an old backup and closed his channels. When the channels were closed, the old channel states were broadcast and the node he was connected to detected it and categorized it as fraud.
Nonetheless, lightning developers see these errors as good learning experiences that will ultimately bring about a tougher network.
As Bosworth tweeted:
“We’re getting a good opportunity to develop robust [peer-to-peer] deployment strategies.”