- Bitcoin developer Antoine Riard identified two new Lightning Network vulnerabilities affecting nodes with large BTC holdings.
- The attack requires approximately $130,000 to execute and targets nodes holding over $500,000 in BTC.
- Execution time ranges from 5.5 to 24 hours depending on node software configuration.
- Two variants exist: high overflow (expensive but reliable) and low overflow (cheaper but less reliable).
- Core Lightning and Éclair teams are developing patches to address these vulnerabilities.
New vulnerabilities in Bitcoin’s Lightning Network could enable attackers to steal funds from wealthy nodes holding over $130,000 in BTC, according to developer Antoine Riard’s disclosure to the Bitcoin development community. The payment protocol, currently securing more than $500 million in BTC, faces two distinct transaction jamming attacks.
High-Stakes Transaction Manipulation
The primary vulnerability, dubbed “high overflow jamming,” exploits Bitcoin Core’s transaction processing mechanics. Attackers can prevent victims from broadcasting critical safety transactions by flooding the network with high-fee transactions. This attack specifically targets Lightning nodes with substantial holdings, requiring approximately $130,000 in resources to execute, according to the Bitcoin Ops newsletter.
The attack’s timeline varies by node configuration:
- Core Lightning nodes: 5.5 hours (32 blocks)
- Éclair nodes: 24 hours (140 blocks)
Alternative Low-Cost Attack Vector
The second vulnerability, termed “low overflow,” presents a more economical but less reliable approach. This method targets Bitcoin Core’s default maximum transaction queue of 5,000 per peer, overwhelming nodes with numerous low-fee transactions. The attack manipulates the MAX_PEER_TX_ANNOUNCEMENTS parameter, a technical limit controlling transaction propagation between nodes.
Implementation teams are implementing several countermeasures:
- Random transaction rebroadcasting
- Enhanced fee-rebroadcasting mechanisms
- Stricter limitations on time-sensitive transactions
- Increased transaction relay capacity with peer nodes
While no reported exploitation has occurred, the vulnerabilities are tracked under CVE-178025. Bitcoin Core developers are reviewing proposed modifications, though these changes typically require extended evaluation periods compared to Lightning Network software updates.
✅ Follow BITNEWSBOT on Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Apple Rolls Out Major AI Update With ChatGPT Integration, Custom Emoji Creator
- Bitcoin Breaches $100K as Wall Street FOMO Kicks In Amid Rate Cut Hopes
- Notcoin Creator Launches Token Reward Platform on Telegram for TON Projects
- Crypto Podcast UpOnly X Account Hacked, Scammers Push Fake Token
- Dalio: Bitcoin, Gold Better Than Bonds as Global Debt Crisis Looms
