- A critical vulnerability in Bitcoin Lightning Network affects nodes running older versions of LND and LITD software, potentially exposing funds to theft.
- The bug exploits a flaw in how Lightning Network Daemon (LND) processes invoice descriptions, allowing attackers to manipulate payment states.
- Approximately 5,000 BTC are currently flowing through Lightning Network’s 44,000 public channels connecting over 16,000 nodes.
- Updated versions LND 0.18.5 and LITD 0.14.1 patch the security vulnerability, though many nodes remain unprotected.
- Lightning Labs knew about the vulnerability three weeks before public disclosure, as evidenced by GitHub documentation.
Bitcoin’s Lightning Network faced a severe security crisis today as developers discovered a critical vulnerability that could allow attackers to drain funds from nodes running outdated software versions. The bug, affecting thousands of Lightning Network nodes, specifically targets systems running older versions of Lightning Network Daemon (LND) and LITD implementations.
Calle, a senior Bitcoin developer, issued an urgent warning to node operators, highlighting the immediate need to upgrade to LND version 0.18.5 or LITD version 0.14.1. The vulnerability specifically targets how the system processes invoice descriptions during settlement procedures.
The Lightning Network, a second-layer scaling solution for Bitcoin, currently manages approximately 5,000 BTC through its infrastructure of 44,000 public channels. This network architecture prioritizes transaction speed and cost-efficiency over the robust security measures of Bitcoin’s main chain.
Pavol Rusnak, co-founder of Satoshi Labs, amplified the alert to the community. Technical analysis reveals the exploit centers on AMP (Atomic Multi-Path) invoices, where attackers can manipulate payment states to their advantage.
“Merchants using Lightning Labs’ software might be protected if they avoid interaction with invoices generated by services like BTCPay,” noted cryptocurrency researcher Effet Cantillon in a social media post.
Historical context shows this isn’t the first security challenge for Lightning Network. Previous vulnerabilities have highlighted the trade-offs between transaction speed and security in layer-2 solutions. The current incident particularly affects LND, which has historically been the preferred implementation for most Lightning node operators.
While Lightning Labs has yet to release an official statement, documentation on GitHub indicates their awareness of the vulnerability three weeks prior to public disclosure. Node operators are strongly advised to implement immediate software updates to protect their assets.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Mark Cuban Abandons Meme Coin Plans, Citing Transparency Concerns
- Crypto Industry Leaders Unite to Fight IRS DeFi Broker Rule
- Bitcoin Traders Face Disappointment as Price Falls Back from $52,000 Peak
- Hong Kong Regulator Unveils 12-Point Plan to Become Global Digital Asset Hub
- Cardano Reports Nearly 2,000 Projects in Development as Network Hits 106M Transactions
