The Lightning Network is a young protocol, and it’s going through some technical growing pains as its tech stack grows and its network expands. While most of the vulnerabilities (covered in part one of this series) are neither protocol-breaking nor easy to exploit, they’re still reminders that improvements come with trade-offs – and that security and usability are two sides of the same coin.
This is the second article in our two-part series on existing vulnerabilities in Bitcoin’s Lightning Network. Part one detailed the outstanding vulnerabilities and their risk factors. Part two will examine why these weak spots have never been exploited, what changes may be made to fix them and the developing trade-offs that come from balancing user-friendly applications and air-tight security.
Vulnerable, but never exploited
For all of the Lightning network protocol’s vulnerabilities, no one has exploited them yet. It seems that, right now, they’re either too difficult to pull off for most hackers or there’s not enough at stake in Lightning channels to justify the effort, Joost Jager, an independent Lightning network engineer, told CoinDesk.
Also, most everyone using Lightning right now is friendly and non-adversarial, so things have remained generally peaceful on Bitcoin’s scaling frontier.
To some extent, however, Jager would welcome a little adversity. After all, it’s all well and good to have vulnerabilities that no one exploits, but what happens when the “kumbaya” stops, attackers get savvy and Lightning has enough money in it to justify an attack?
Before that day comes, Jager would like to see more “battle testing” of Lightning’s network so these attack vectors aren’t ignored until they can’t be any longer.
“I think it would help if Lightning would become a target for hackers. Because right now everything is so friendly; it’s not really tested. I think it would be good at this stage because it helps you set your prio...