Lightning Network: 100M at risk from multisig payment
A multisig transaction on the Lightning Network breaks the network’s consensus due to a bug in the program code. Most of the critical payment and subsequent transactions could no longer be processed. According to a developer, the $100 million total fortune locked in the LN was at risk.
Multisig payments are again causing errors in the Lightning Network
In fact, this is not the first incident of this kind, but it is probably the most critical so far. A so-called multisig payment is to blame. A transaction requires the approval of several wallets in order to actually be accepted.
In this case it was a targeted endurance test by Burak Keceli. At the beginning of October , he had already tested a so-called 998-of-999 multisig payment for the first time. 998 different wallets have to agree to the payment so that it is really passed on to the network. Only a competent person may refuse his consent.
The attempt already led to problems in October . Now Keceli makes a second attempt. Again, this is a multisig transaction of the same magnitude. Apparently, Keceli realized that he found a sore spot within the Lightning Network (LN).
Lightning poses great challenges to the large number of responsible addresses. The usually low network fees increase in parallel to a value of several US dollars, which is otherwise known from the Bitcoin mainnet . On his first try, Keceli paid around $5 in fees.
Reading tip: Lightning Network: Will privacy soon be a thing of the past?
Multisig breaks Lightning Network consensus
Even Keceli’s first test run shook the consensus of the Lightning Nodes. His second attempt now again led to a major desync of the network nodes. The nodes largely rejected the critical payment and all subsequent transactions.
Around half of the entire Lightning Network was affected, according to a discussion initiated by Bitcoin and Lightning developer Rene Pickhardt .
According to statements by the Lightning Labs development studio, no node operator suffered any monetary damage, but statements by Pickhardt put this report into perspective.
A large proportion of LightningNetwork nodes were affected and their balances were at risk.
Writes Pickhardt. So there was actually a risk of losing Satoshis, but ultimately no one was affected. On November 1st, shortly after the responsible transaction, Lightning Labs released an update that brought the network back into sync and prevented the error from reoccurring.
Keceli, responsible for the chaos, announced on Twitter that he had deliberately accepted the system-critical error. He explicitly rejected a so-called CVE error report ( Common Vulnerabilities and Exposures) .
Responsible CVE is weak magic that only hurts the balance.
Does he justify his decision?
Up to 100 million US dollars are at risk
An error in the program code of the node client Lightning Network Daemon ( usually abbreviated as LND ) is to blame for the misery. Lightning Labs closed this with a hotfix on November 1st.
Because different node clients are active in the network, the error did not occur in its entirety. According to recent data from The Block , there is currently around $100 million in the Lightning Network.
According to the current Bitcoin price , this corresponds to around 5,000 BTC. This value was exposed to a maximum loss. Since not every node was affected by the faulty program code, the actual value is indefinitely lower.
LN critics are using the incident to warn about payments taking place off the blockchain .