Expert urges Lightning Network developers to wake up and fix vulnerabilities

The Lightning Network (LN) team has become less focused on security and more focused on ensuring cash flow for its investors, according to Bitcoin Core developer Antoine Riard in a discussion with Cointelegraph.

In October he revealed a critical vulnerability in the network. According to the expert, the discovered new class of cyclic substitution attacks puts the protocol in a precarious position. Riard left the team at around the same time.

In a comment to the publication, he clarified that at present he is working on a solution to the issue and urged his former colleagues to follow his example:

[They need to] wake up, stop sleepwalking and come to the board to work with other developers at a fundamental level to craft a reliable and resilient solution, preserving long-term decentralization and openness of Lightning.

Riard also said that many LN-focused projects jeopardize the mission and security to please investors.

“The sad fact is that most of them operate for organisations funded by venture capital, or for commercial organisations with similarly short-term preferences, which, in the long term, come at the expense of end users,” the developer noted.

According to him, this is a classic example of the “tragedy of the commons” — when individuals and organisations with access to a public resource act in their own interests and deplete it.

Despite security concerns and a potential drift toward centralisation, Riard noted that LN L2 [solutions] for Ethereum has not seen as many attacks as many Ethereum L2 solutions. According to the developer, this is because Lightning users typically keep only small amounts of funds in their wallets.

According to 1ML, at the time of writing LN capacity stands at 5,362 BTC, 61,982 channels are open and 14,623 nodes are online.

In November 2022, the network developers patched a critical bug that caused a node synchronization failure.

In autumn 2023, the Lightning Labs team introduced the alpha version of the Taproot Assets protocol v0.3 for the Bitcoin mainnet. ForkLog explained the solution in News+ format.