Developer exposed potential security issue on the Lightning Network

Quick Take

  • A vulnerability was identified in the Bitcoin Lightning Network by developer Antoine Riard.
  • The flaw, known as “replacement cycling attacks,” theoretically affected a key component called Hash Time Locked Contracts (HTLC), posing a risk to fund security.
  • No verified real-world attacks have been linked to this vulnerability for the past 10 months.
  • The mitigation steps have been taken, with patches deployed across major Lightning Network implementations.

A vulnerability was identified in the Bitcoin Lightning Network, a second-layer solution aimed at accelerating transaction speeds on the Bitcoin blockchain.

The flaw was reported by Bitcoin developer Antoine Riard, who laid out the details in a report published last week.

The vulnerability, referred to as “replacement cycling attacks,” could potentially jeopardize the security of funds flowing through the Lightning Network.

It theoretically may allow sophisticated attackers to execute a "transaction-relay jamming attack" and target a crucial Lightning Network component known as Hash Time Locked Contracts (HTLC). The objective of such an attack would be to disrupt the normal flow of transactions, causing delays or preventing them from being processed as expected. This could lead to potential risk of loss-of-funds within the network’s channels.

Although concerning, the flaw has not yet led to any verified real-world attacks. Riard stated that there’s no evidence of such activities over the past 10 months based on observational data. “While neither replacement cycling attacks have been observed or reported in the wild since the last ~10 months or experimented in real-world conditions on bitcoin mainnet,” the report highlighted.

Riard also revealed that the vulnerability was disclosed to Lightning developers and mitigation steps have been taken, with patches deployed across major Lightning Network implementations like Eclair, LND, and C-Lightning. However, he expressed reservations about the effectiveness of these mitigations against more advanced forms of the attack.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The implications of this vulnerability could extend beyond the Lightning Network. Riard’s report suggested that the flaw might affect a range of other Bitcoin protocols and applications, such as coinjoins, peerswap and batch payouts.

Developer departs

Riard, the developer who first unearthed the vulnerability, simultaneously published a note stating that he has ceased work on Lightning.

“Effective now, I’m halting my involvement with the development of the lightning network and its implementations, including coordinating the handling of security issues at the protocol level,” Riard wrote.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]


To contact the editor of this story:
Ryan Weeks at
[email protected]