Bitcoin Core, the development team behind SegWitCoin (BTC) and its Lightning Network, apparently have issues. Rusty Russell, a software programmer who has been involved with the project, uncovered vulnerabilities recently that could lead to the loss of cryptocurrency and sent out a warning to the community to upgrade the network’s nodes. However, a new report sheds light on the issue and reveals that the warning may have come too late. The vulnerabilities may have already been exploited.
Olaoluwa Osuntokun, the chief technical officer (CTO) for two startups tied to the Lightning Network – Lightning Labs and ACINQ – published a statement about the issue on the Linux Foundation’s website yesterday. He asserts that there are “confirmed instances” of the vulnerabilities having been “exploited in the wild” and, like Russell, urges node operators to upgrade as quickly as possible.
The Common Vulnerabilities and Exposures (CVE) affect Lightning Network nodes version 0.7 and below, as well as eclair nodes version 0.3 and below and c-lightning nodes version 0.7 and below. As with all software in any environment, but particularly in financial settings, all linked applications should be kept up to date at all times.
Lightning Labs recognizes the vulnerabilities and cautions users to avoid the network. It said in a tweet yesterday, “This is also a great time to remind folks that we have limits in place to mitigate widespread funds loss at this early stage. There will be bugs. Don’t put more money on Lightning than you’re willing to lose!”
The Lightning Network was introduced in December 2017 as the Core team decided that scaling the network was an impossibility. It has been stuck in beta testing since then and has been live on BTC’s mainnet since January of last year.