Lightning Labs warned its users about the loss of all bitcoins if they are currently using the Lightning Network.
“Don’t invest more money in Lightning than you are willing to lose,” Lightning Labs published a message a few hours ago, which, of course, undermines user confidence.
There was also an addition to the first warning: “This is a good time to remind us of our limitations and to avoid the loss of funds. Errors found. “
The Lightning Network is a second-tier solution that allows users to instantly send money with low fees beyond the main bitcoin blockchain.
On August 30, the developer mailing list received a message from Lightning dev Rusty Russell stating that several versions of Lightning nodes are vulnerable and should be updated immediately:
“Security issues have been identified in various Lightning projects that could result in a loss of funds. Full information will be published in 4 weeks (2019-09-27), please update as soon as possible. ”
At that time, the details of this vulnerability were not disclosed, fortunately, no actions of the attackers were also taken.
Olaoluva Osuntokun, Technical Director of Lightning Labs, later confirmed that the vulnerability had been exploited several times, with a consequent loss of funds.
If you are not using the following versions (they are fully fixed), you need to upgrade now to eliminate the risk of loss of funds:
lnd v0.7.1 – everything that is 0.7 and below contains an error;
c-lightning v0.7.1 – everything that is 0.7 and below contains an error;
eclair v0.3.1 – everything 0.3 and below contains an error.
Currently there is no information about how many users were injured and how much money was stolen.