Bitcoin Core developer and security researcher Antoine Riard stepped down from the Lightning Network’s development team, citing security concerns due to a potential backdoor that could allow attackers to get control over the Layer 2 protocol.
In a thread on the Linux Foundation’s public mailing list, Riard argued the Bitcoin community faces a “hard dilemma” as a novel class of replacement cycling attacks puts Lightning in a “very perilous position.”
(Thread)
This type of attack specifically targets the Lightning Network’s payment channels, manipulating transaction details in a way that could enable hackers to steal funds without detection (see explainer thread above). In short, it works by changing the signature of a victim’s timeout transaction in the mempool, replacing it with a new transaction without leaving any trace in the network.
In his statement, Riard argued that these new security risks place the Lightning Network in a precarious position. While there are existing measures to counter simple versions of this attack, Riard believes that more complex forms could successfully exploit the system.
To effectively tackle this issue, he suggests that fundamental changes may need to be made at the foundational level of the Bitcoin network. This, he emphasized, would require a high degree of openness and community agreement.
Meanwhile, the Lightning Network has grown 1200% in 2 years, according to River’s new report, with around 6.6 million users routing transactions in August.
Moving forward, a transparent and prompt solution will be crucial to maintain public confidence in Lightning Network’s ability to scale Bitcoin efficiently and securely.
Riard, though, now plans to focus solely on Bitcoin Core development while warning the community about upcoming challenges for the broader cryptocurrency ecosystem.