A revolution already put to the test – Not even a month after the discovery of a first flaw, the Lightning Network is again talking about it. A new vulnerability has been spotted, but a patch has been deployed and it appears that it has not (yet) been exploited.
A mysterious flaw in the LN
On the night of October 8-9, the head of crypto engineering at Lightning Labs, Conner Fromknecht , informed the community of a flaw in the Lightning Network Deamon , Bitcoin Up and its infamous Lightning Network lnd implementation .
Thus, all nodes in version 0.10.X and lower are still vulnerable. Fortunately, it seems that this vulnerability has not yet been exploited. However, Fromknecht urges node operators running under lnd to update to version 0.11.0 .
“While we have no reason to believe that these vulnerabilities have been exploited, we urge the community to upgrade to version 0.11.0 or higher as soon as possible. „- Mail from Conner Fromknecht
For security reasons and to allow time for all nodes to upgrade, Fromknecht has not released details of the vulnerability. These should be published around October 20
“We will be posting more details on this in the coming weeks, as well as a full bug bounty program . “
In the meantime, if you have an lnd node, it is imperative to update to version 0.11.0.