Bitcoin
$66,162.22+0.39%
Ethereum
$3,165.96-1.44%
Binance Coin
$607.62+0.14%
Solana
$153.57+0.13%
XRP
$0.54434235+2.35%
Dogecoin
$0.15790090-1.47%
Toncoin
$5.61-8.97%
Cardano
$0.51629635+1.76%
Shiba Inu
$0.00002665-1.65%
Avalanche
$38.23-1.83%
Wrapped Bitcoin
$66,328.69+0.33%
Polkadot
$7.40-1.08%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Countdown to Consensus 2024The largest and longest running event that covers all sides of Crypto and Web 3
36
DAYS
02
HR
06
MIN
06
SEC
Markets

Lightning Network Developers Warn of Bug That Could Cause Loss of Bitcoin

Developers disclosed a security hole in various versions of bitcoin's Lightning Network software that could cause users to lose money.

By William Foxley
AccessTimeIconSep 10, 2019 at 9:15 p.m. UTC
Updated Sep 13, 2021 at 11:25 a.m. UTC
lalou, lightning
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Developers have disclosed a security hole in various versions of bitcoin's Lightning Network software that could cause users to lose money if not updated.

The bug was first made public on Aug. 30 by bitcoin and Lighting developer Rusty Russel and confirmed Tuesday afternoon by Olaoluwa Osuntokun, CTO of startup Lightning Labs.

It's unclear how much bitcoin, if any, was lost, or how many users were affected.

Multiple Lightning node versions are vulnerable and should be updated immediately, Osuntokun warned a developer mailing list, adding:

"We've confirmed instances of the CVE being exploited in the wild."

An experimental layer-two solution, Lightning aims to allow nearly costless transactions, making bitcoin feasible for mundane transactions such as coffee purchases.

But the bug shows the technology still has problems like any code-based financial product.

“Security issues have been found in various lightning projects which could cause loss of funds,” Russel said in the original posting. “Full details will be released in 4 weeks (2019-09-27), please upgrade well before then.”

Osuntokun emphasized that lightning is still in its infancy.

“We'd also like to remind the community that we still have limits in place on the network to mitigate widespread funds loss," he wrote, "and please keep that in mind when putting funds onto the network at this early stage.”

Lightning Labs continued the warning on Twitter, reminding users that it's still possible to lose funds on the network.

Don't put more money on Lightning than you're willing to lose!

— Lightning Labs⚡️ (@lightning) September 10, 2019

Versions affected include all LND releases 0.70 and below, C-Lightning 0.70 and below, and éclair 0.3 and below.

Olaoluwa Osuntokun image via CoinDesk archive

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about
NewsLightning Network