loader gif

Vulnerabilities found in Bitcoin Lightning Network could result in loss of funds

Vulnerabilities found in Bitcoin Lightning Network could result in loss of funds
  • The vulnerabilities have been patched in the latest versions Ind v0.7.1, c-lightning v0.7.1, and eclair v0.3.1.
  • Researchers have observed instances of the vulnerabilities being exploited in the wild and are warning users to immediately update to the latest patched versions.

What’s the matter?

In late August, several vulnerabilities were detected in the Bitcoin Lightning Network that could result in funds being lost from accounts. Now, researchers have observed instances of the vulnerabilities being exploited in the wild.

What is the impact?

The vulnerabilities impact various lightning projects in Bitcoin Lightning Network.

  • The vulnerability tracked as CVE-2019-12998 impacts lnd version 0.7 and prior.
  • The vulnerability tracked as CVE-2019-12998 impacts c-lightning version 0.7 and prior.
  • The vulnerability tracked as CVE-2019-12998 impacts eclair version 0.3 and below.

Vulnerabilities patched

Bitcoin Lightning Network has released security updates that address the vulnerabilities. The vulnerabilities have been patched in the latest versions Ind v0.7.1, c-lightning v0.7.1, and eclair v0.3.1.

Olaoluwa Osuntokun, CTO at Lightning Labs, who observed that the vulnerabilities are being exploited in the wild, has alerted the Bitcoin Lightning Network users who have not updated their systems to immediately update to the latest patched versions.

“We'd also like to remind the community that we still have limits in place on the network to mitigate widespread funds loss, and please keep that in mind when putting funds onto the network at this early stage,” said Osuntokun.

loader gif