A vulnerability in LND versions 0.10.x and below has been disclosed to the Lightning Labs team, according to engineer Conner Fromknecht in the Lightning Network developer channel Thursday. In light of the disclosure, the firm is urging node operators to upgrade to versions 0.11.0 or higher as soon as possible.
- No known exploitations of the vulnerability have been found to date, but "circumstances surrounding the discovery resulted in a compressed disclosure timeline," Fromknecht said.
- The vulnerability was "partially" disclosed with a detailed publishing of the findings promised Oct. 20.
- Lightning Labs – one of three major implementations of the Lightning Network – released its newest v0.11.1-beta on Oct. 1.
- Lightning Labs did not respond immediately to a request for comment.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.