Bitcoin’s Lightning Network found to have security vulnerabilities

Bitcoin’s Lightning Network, an experimental second-layer scaling solution built on top of the Bitcoin Network for quicker fund transfers, has been found to have some security vulnerabilities.

Rusty Russell, an Australian software programmer and a bitcoin lightning coder, tweeted Friday, saying that security issues have been discovered in “various lightning projects which could cause loss of funds.”

While Russell did not provide specific details, he said more information will be issued in four weeks.

In the meanwhile, the coder has advised users to upgrade the following affected lightning nodes:

- Common vulnerabilities and exposures (CVE) -2019-12998 c-lightning < 0.7.1
- CVE-2019-12999 lnd < 0.7
- CVE-2019-13000 eclair <= 0.3

The Lightning Network was first proposed in February 2015, and is still very much in its early days with many issues. Over 50 firms are working to bring the network to the mainstream, including Casa, OpenNode and Thor, according to The Block’s research.