Good Griefing: A Lingering Vulnerability On Lightning Network That Still Needs Fixing

Republished by Plato

What happens when your Lightning Network routing node is fed with garbage transactions that never resolve? In short, it causes a lot of grief for routing nodes. What was once a smooth, global payment system can be locked up with trivial effort from a savvy script writer.

Working in a small team of routing nodes, we successfully ran a test of the attack with real funds and demonstrated the “griefing” attack described by Joost Jager. The attack is called a grief attack since it is not a theft of funds, but it causes a victim’s Lightning funds to be frozen: a major upset. What we found is that griefing is a serious threat to large “wumbo” channels expecting to earn a yield on their bitcoin, only to have their funds frozen for a period of time. 

This is mostly a grief attack: no loss of funds, but the victim may be forced to pay for an expensive channel force close. This is a known vulnerability on mainnet Lightning and it needs to be understood and prioritized, especially at this early market stage of Bitcoin’s Lightning Network.

Thanks to Clark Burkhardt and Phillip Sheppard for their willingness to participate in this test and to Jager for his tireless work to bring attention and priority to this vulnerability. Jager played the role of the attacker for our demonstration, while Burkhardt and Sheppard joined me as connected victim routing nodes.

How The Attack Works

The attacker saturates one (or several) channel(s) with Hashed Time Locked Contracts (HTLCs) that don’t resolve as a finalized payment. These are a special breed of HTLCs known as HODL invoices. Only 483 of these unresolved HTLCs are required to overwhelm a channel per direction. Once those HTLCs are in the channel, any transactions using that same channel direction are impossible, including a transaction to cooperatively close that channel.

In theory, an attacker could contact the victim (perhaps via a keysend message or in an “onion blob”) and demand a ransom be paid to halt the attack. Once the ransom is paid, the attacker could remove the unresolved payments, ending the attack. The attack can be sustained indefinitely, halting all routing and payment activity in that channel. This freezes the funds in the Lightning channel.

Both directions of payments can be stalled in a channel by using 483 HTLCs in each direction, both inbound and outbound.

Thunderhub view of my balanced channel to Burkhardt under attack. The channel shows as “Not Active,” as if Burkhardt were offline, but he wasn’t. The amount in blue is the local balance in sats, the amount in green is the remote balance in sats owned by Burkhardt. Source: Thunderhub.

Why Would An Attacker Do Something Like This?

The first motive that comes to mind is to demand a ransom. This attack causes pain for the victim and paying a ransom may be attractive to a victim, even without assurance that the attack would stop. Contacting the victim might be risky for an attacker, but a ransom payment might not be the only reason someone would do this.

A secondary incentive for launching a griefing attack would be to disrupt routing competition. Jamming a competitor’s route could create more demand for a route owned by an attacker.

As a benchmark, consider that Lightning Labs’ Loop node has an ongoing demand for liquidity, for which it will sometimes pay a fee rate of 2,500 parts per million (ppm) of the payment (0.25 percent). In my experience, they would normally exhaust 16 million sats’ worth of liquidity in about two weeks (5.2 percent annual percentage rate), but that is with competition present.

If an attacker could disable any competing route with lower fee rates, Loop may be willing to pay a higher fee rate (since the supply of liquidity is now reduced). Let’s say Loop would pay 3,000 ppm (0.3 percent), as well as use that liquidity more quickly since no other channels are functioning. Loop might use that liquidity in half the time, say one week. The attacker would more than double their usual yield to 15.6 percent APR in this example. The only cost to the attacker is the cost of running a script on an existing channel and the psychological cost of doing something immoral/damaging to the Lightning Network. With a single attacker channel, a malicious actor could jam about nine channels (see Jager’s tweets about this).

What Would The Victim Of This Attack Experience?

The victim of this attack wouldn’t really know that this attack was happening unless they had some special alerts set for pending HTLCs. For Thunderhub users (a highly recommended tool), the home screen will show a chart of pending HTLCs as well as a warning stating that channels can only hold 483 pending HTLCs.

Source: Thunderhub
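
As an added example (not from the original article, Thunderhub or LND): a minimal alert of the kind described above, which counts pending HTLCs per channel direction from JSON shaped like lncli listchannels output and flags directions nearing the 483-slot limit. The sample data, the 50 percent warning ratio and the function names are assumptions.

```python
import json

MAX_HTLC_SLOTS = 483  # per-direction limit cited in the article; peers may negotiate lower


def _htlcs(count, incoming):
    """Build constructed pending-HTLC entries (tiny amounts, made-up expiries)."""
    return [{"incoming": incoming, "amount": "1", "expiration_height": 660000 + i}
            for i in range(count)]


# Constructed sample in the shape of `lncli listchannels` output; no real node data.
SAMPLE = json.dumps({"channels": [
    {"chan_id": "1001", "remote_pubkey": "02" + "a" * 64, "active": True,
     "pending_htlcs": _htlcs(3, True) + _htlcs(1, False)},
    {"chan_id": "1002", "remote_pubkey": "02" + "b" * 64, "active": True,
     "pending_htlcs": _htlcs(300, True)},
    {"chan_id": "1003", "remote_pubkey": "02" + "c" * 64, "active": False,
     "pending_htlcs": _htlcs(483, True) + _htlcs(483, False)},
    {"chan_id": "1004", "remote_pubkey": "02" + "d" * 64, "active": True},
]})


def slot_usage(listchannels_json):
    """Count pending HTLCs per channel, split by direction."""
    usage = []
    for chan in json.loads(listchannels_json).get("channels", []):
        htlcs = chan.get("pending_htlcs") or []  # tolerate a missing or null list
        incoming = sum(1 for h in htlcs if h.get("incoming"))
        usage.append({"chan_id": chan["chan_id"], "active": chan.get("active", False),
                      "incoming": incoming, "outgoing": len(htlcs) - incoming})
    return usage


def slot_alerts(listchannels_json, warn_ratio=0.5):
    """Return (chan_id, direction, count, severity) for directions filling up."""
    found = []
    for chan in slot_usage(listchannels_json):
        for direction in ("incoming", "outgoing"):
            count = chan[direction]
            if count >= MAX_HTLC_SLOTS:
                severity = "JAMMED"   # no further HTLC fits in this direction
            elif count >= warn_ratio * MAX_HTLC_SLOTS:
                severity = "WARN"     # unusual build-up of unresolved HTLCs
            else:
                continue
            found.append((chan["chan_id"], direction, count, severity))
    return found


if __name__ == "__main__":
    for chan_id, direction, count, severity in slot_alerts(SAMPLE):
        print(f"{severity}: channel {chan_id} {direction} {count}/{MAX_HTLC_SLOTS}")
```

Run against a node's own channel listing on a schedule, a warning that fires well below 483 gives the operator notice before the channel stops forwarding.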

In practice, my node quickly became unreliable and experienced several app crashes, including Thunderhub, which was the only app to notify me of the problem. Then, thanks to my “Balance of Satoshis” Telegram bot, I got a channel closing notification. The channel under attack force-closed itself! That was not supposed to be part of the experiment. (For more technical information on the involuntary force close, see below for additional force-close data.)

A test payment using the channel with Burkhardt (salmiak) failed due to the attack. This warning reports that Burkhardt’s node is offline, though it was online. Source: Thunderhub.

What Can The Victim Do To Stop A Griefing Attack?

Once an attack starts, a victim essentially can’t do anything to stop it. The only alternative available to halt an ongoing attack would be to force-close the channel being attacked, which means that the terrorists win.

To add insult to injury, force-closing the channel will push the unresolved payments to the on-chain transaction data, triggering secondary on-chain transactions for the initiator of the force close. At 50 sats/vbyte and 483 on-chain transactions, that’s easily a 1 million sat price tag to force close a single channel under attack (a $368 channel close fee at today’s prices). The multiple on-chain transactions only occur if the output is above the minimum payment “dust” limit. (See this example on testnet.)

How To Prevent A Griefing Attack

Jager has been working on a proof-of-concept program to help isolate and fight attackers. He’s calling his program “Circuitbreaker.” The Circuitbreaker works at a network level, which unfortunately means that everyone has to participate for it to be effective.

Beyond that, this issue needs prioritization and attention from dedicated engineers/developers to find better solutions. There have also been some good discussions on modifying the protocol in the Bitcoin Optech newsletter (issue #122 or #126).

This attack can be executed today. It is a miracle that it hasn’t already been used maliciously. It’s a reflection of the incentives for those using Lightning today so that it can become an open, universal payment network. Please share this post as you see fit to encourage and inspire more work to fix this problem before it causes real harm.

Additional Technical Information About The Involuntary Force-Close

Here are the logs from my node running LND 0.11 at the moment that the above-mentioned involuntary force-close occurred:

2020-11-26 21:24:47.374 [ERR] HSWC: ChannelLink(657759:561:0): failing link: ChannelPoint (c37bec006b18df172698a84739ca47128935e0a8666fecd1a843e49b01db207c:0): received error from peer: chan_id=7c20db019be443a8d1ec6f66a8e035891247ca3947a8982617df186b00ec7bc3, err=rejected commitment: commit_height=455, invalid_commit_sig=3044022076fd65191eb6305b723fa6012be378413b6326e2786c38db58b4c02e1f3999d202207605ca31de8b4c5b1d9cd20dc1581dfa2383e0b4e06c8ad4f718ab5c434d8cf5, commit_tx=02000000017c20db019be443a8d1ec6f66a8e035891247ca3947a8982617df186b00ec7bc300000000008a792e8002210d0000000000002200201031cf10a1efef261edd3d0a1a6a953b27bc25bd7150bb2b07afdc69805e02157213000000000000160014de650929042bef58b71783ae1a44834a902a8f2d542ca720, sig_hash=4e0fb804c74376020e4c44a60969b9206eb0aaa9a89b76017d60f23ad5cf63e5 with error: remote error

The logs show an “invalid_commit_sig” which is a known issue in LND. Supposedly, this can happen upon reconnecting and isn’t a direct result of the channel jamming. The volume of pending HTLCs unfortunately makes it more likely to happen. Jager helped explain the process as channel jamming –> endless payment loop (bug) –> node down –> reconnect –> invalid commit sig (bug) –> channel force-close.

The “endless” loop bug is a known bug that occurs when the HTLC limit is reached and an additional HTLC is sent. Instead of ending in a payment failure, LND will continue to attempt the payment in a loop. To help with this bug, see LND issue #4656.

This is a guest post by Jestopher. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Source: https://bitcoinmagazine.com/articles/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing?utm_source=rss&utm_medium=rss&utm_campaign=good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing

Elon Musk Teases Bitcoin Maximalists Once Again

The CEO of Tesla, SpaceX, and The Boring Company has taken another humorous stab at BTC maxis by asking how many are needed to change a light bulb. The wave of comments didn’t disappoint from names like Michael Saylor, Dan Held, Raoul Pal, and more.

  • Ever since the start of the year when Musk said he regretted not buying bitcoin years ago and later revealed that his EV company had actually purchased $1.5B in BTC, the billionaire has frequently been engaging with the community.
  • Most of the discussions used to be in a positive manner, but it all changed when Tesla disabled BTC payments citing environmental issues. When Musk started bashing the cryptocurrency for its high energy consumption levels, most Bitcoin maximalists changed their tunes as well.
  • However, it seems that Tesla’s CEO sees most of it from a humorous point of view and the latest example, which came earlier today, supports this idea.
  • He reiterated a popular question on Twitter – “How many Bitcoin maxis does it take to screw in a lightbulb?” Later on, his own response was also quite ironic.
  • Some popular BTC maximalists and other cryptocurrency commentators quickly offered their opinion on the matter. Michael Saylor, the CEO of MicroStrategy, was among the first who also caught the irony – “if you give us 10 minutes, maybe we can hash out the answer,” referring to how the Bitcoin network works.
  • Peter McCormack, the podcaster who recently interviewed the President of El Salvador on the country’s BTC adoption, took a stab at Musk, while Raoul Pal spoke about his views on what the BTC maxi tribe represents.
  • Interestingly, Dan Held, the Head of Growth at Kraken, responded with a reference towards Elon Musk’s favorite meme coin – Dogecoin.

Source: https://cryptopotato.com/elon-musk-teases-bitcoin-maximilsts-once-again/

Bitcoin’s Dominance Rises as BTC Reached a 4-Day High at $35,500 (Market Watch)

Although bitcoin failed to continue upwards after its intraday high of $35,500, its dominance over the market has increased further. This comes as most alternative coins have stalled, except for Dogecoin, which is up by double-digits.

BTC Dominance on the Rise

After the mid-week crash, in which bitcoin slumped below $30,000 for the first time since January, the asset’s performance has been calmer. It recovered most losses and even spiked to just shy of $35,000 on the following day but failed to continue higher as reported.

The bears drove it south to around $32,000, but the trajectory quickly reversed in the following hours. BTC started climbing again and added more than $3,000 of value.

As a result, it charted a four-day high of approximately $35,500. Despite losing over a grand since then, its dominance over the market has actually increased.

The metric comparing BTC’s market capitalization with all other cryptocurrencies is up to 47%.

BTCUSD. Source: TradingView

Alts Stall While DOGE Pumps

Most of the alternative coins have remained stagnant on a 24-hour scale. Although Ethereum recovered from its most violent stages of the crash, it still fails to overcome $2,000 decisively. As a result, ETH trades just north of $1,900 for a second consecutive day.

Binance Coin jumped higher in the past 24 hours and even exceeded $310 at one point, but has retraced since then and is currently around $290. Cardano, Polkadot, Bitcoin Cash, and Chainlink are slightly in the red since yesterday.

In contrast, Ripple, Uniswap, Litecoin, and Solana have marked minor gains. Dogecoin is the most impressive performer once more from the larger-cap alts following a 10% increase to $0.26.

Cryptocurrency Market Overview. Source: Quantify Crypto

More fluctuations come from lower- and mid-cap alts. Celo (20%) has surged the most, followed by Nano (16%), Siacoin (12%), THORChain (12%), Curve DAO Token (11%), and Waves (10%).

Klaytn has lost the most from yesterday after a 14% drop. Nevertheless, the cumulative market capitalization of all cryptocurrency assets has remained just shy of $1.4 trillion.

Source: https://cryptopotato.com/bitcoins-dominance-rises-as-btc-reached-a-4-day-high-at-35500-market-watch/

XRP, Chainlink, VeChain Price Analysis: 25 June 

As the market continued to make a slow and steady recovery, some altcoins bounced back up earlier than expected while others highlighted more volatility and steeper ups and downs.

With new updates in the SEC v. Ripple lawsuit rearing their heads every other day, XRP hiked after the 21 June fall. VeChain, on the contrary, made headlines after VeTrust, built on VeChain Thor, got adopted by a local Chinese government for better COVID-19 risk management.

XRP

Source: XRP/USD – TradingView

XRP made a swift recovery as it noted 22% gains from its 22 June levels. The asset, after testing the $0.775-support on 21 June, fell below this level and tested the lower support at $0.55. XRP, after testing its lower support, later bounced back and highlighted considerable price gains.  

The Bollinger Bands for the asset noted a slight convergence that saw reduced volatility and a less expanded price range as the asset made recovery from its lower lows. Further, bullish momentum could be observed building on the Awesome Oscillator with the appearance of green bars. 

The Relative Strength Index for XRP was heading towards the neutral zone and had a reading of 38.43 at press time. The RSI’s uptick underlined an increase in buying pressure, one which pulled the asset from the oversold zone on 23 June. However, sellers were still dominant at press time.

XRP was trading at $0.67 at press time and if its northbound price movement continues, it can test the $0.775-resistance as well.

Chainlink [LINK]

Source: LINK/USD – TradingView

LINK was trading at $18.9 at press time and was down 64.01% from its ATH with a breakeven multiple of 2.78. The alt’s price, after testing the $17.3 support, bounced back and made decent recoveries. The 15th ranked coin had a 24-hour price hike of 3.80% and a 7-day price dip of 16.30%. 

In light of the appearance of green candlesticks on the chart, the prevailing trend was slightly bullish. This corresponded with the Parabolic SAR’s white dots that have appeared below the candlesticks since the beginning of 24 June. Further, the Squeeze Momentum Indicator pointed to an active squeeze release (white dots) and projected a bullish trend in store for the asset. 

Finally, the MACD and Signal lines underwent a bullish crossover on 24 June, pointing towards a market recovery for the alt. This could lead the asset to rally towards the $25.9-resistance if recoveries continue.

VeChain [VET]

Source: VET/USD – TradingView

VeChain was trading at $0.08 at press time and was ranked 21st on CoinMarketCap. The alt saw decent recoveries after the 21 June price fall, and its 7-day price dip was 23.29% while its 24-hour price gain was 5.50%. The asset was down 70.14% from its ATH and had a breakeven multiple of 3.35.

Bollinger Bands for the asset highlighted increased volatility and pictured a more expanded price range as the asset made recovery from its lower lows. Capital inflows for the asset were neutral, according to Chaikin Money Flow, with outflows still dominant in the market.

Finally, the Average Directional Index (ADX) highlighted a non-directional market. Once ADX is under 25, an uptrend can be expected to become stronger. The alt, after testing its lower support at $0.07, bounced back up and if the price rallies further it could touch the resistance level at $0.098.


Source: https://ambcrypto.com/xrp-chainlink-vechain-price-analysis-25-june
