Lightning Vulnerability Discovered; LND Node Operators Urged to Upgrade ASAP

An undisclosed vulnerability in LND versions 0.10.x and below was revealed Thursday. Developers are urging node operators to update to the newest version.

AccessTimeIconOct 9, 2020 at 12:58 a.m. UTC
Updated Sep 14, 2021 at 10:06 a.m. UTC

A vulnerability in LND versions 0.10.x and below has been disclosed to the Lightning Labs team, according to engineer Conner Fromknecht in the Lightning Network developer channel Thursday. In light of the disclosure, the firm is urging node operators to upgrade to versions 0.11.0 or higher as soon as possible.

  • No known exploitations of the vulnerability have been found to date, but "circumstances surrounding the discovery resulted in a compressed disclosure timeline," Fromknecht said.
  • The vulnerability was "partially" disclosed with a detailed publishing of the findings promised Oct. 20.
  • Lightning Labs – one of three major implementations of the Lightning Network – released its newest v0.11.1-beta on Oct. 1.
  • Lightning Labs did not respond immediately to a request for comment.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.