News has surfaced this morning of a successful attack carried out on Bitcoin's Lightning Network.
Bitcoin introduced the Lightning Network to solve scalability issues and to reduce the need for high transaction fees on minor transactions. The network is composed of a series of payment channels made of multi-signature wallets, which allows regular, small payments to be processed faster.
Take, for example, purchasing a meal using Bitcoin. Traditionally, it would take a vast amount of time for the transaction to be confirmed and, even though the value of the transaction might be small, a large fee could be charged. With the Lightning Network in use, this transaction can be sped up through the use of multi-signature wallets, and thus less of a fee is charged.
According to a report from bitfalls.com, bitPico have carried out a DDoS attack on the Lightning Network. A DDoS, or Distributed Denial of Service, attack is when a network is overwhelmed by huge volumes of traffic, with the aim of denying service through the network to its customers or users.
bitPico carried out such an attack on numerous nodes operating on the Lightning Network. These nodes are responsible for saving data temporarily whilst transaction data is written onto physical memory; they essentially act as a cache that allows the Lightning Network to facilitate fast transactions.
By hijacking the nodes, bitPico caused the network to crash once it ran out of space. With the cache function removed, the nodes had no temporary storage for data and thus service to users was denied.
This was not a malicious attack; it was carried out as a test by bitPico. According to bitfalls.com:
“bitPico said they did this in order to secure the network by pointing out its weaknesses, and that this is why they’re trying to attack it from multiple angles.”
This is often referred to as ethical hacking. By carrying out such actions, hackers can expose vulnerabilities within networks without actually extracting data or causing any substantial damage. In the instance of bitPico, no data was taken, and no financial loss occurred. However, bitPico did prove that, should a hacker want to, they could also have taken advantage of this vulnerability and extracted data or damaged the Lightning Network with devastating consequences.
By doing this, bitPico have given Bitcoin the chance to resolve these issues before real damage occurs. If you're interested, here's a list of some of the recommended fixes that have been established as a result of this attack: https://github.com/bitcoin/bips/blob/master/bip-0154.mediawiki
This sort of work is a grey area, but it is very advantageous for both the hackers (of the ethical designation) and the companies they are trying to protect.