As reported by Conner Fromknecht, head of cryptographic engineering at Lightning Labs, a vulnerability was recently discovered in LND versions prior to 0.11 that could put the Lightning Network ecosystem at risk.
Partial LND Vulnerability Disclosure, Update to 0.11.x
Full disclosure will be published on October 20th 2020. https://t.co/1vnXLDME7G
— Conner Fromknecht (@bitconner) October 9, 2020
From what we can read, nodes running LND versions prior to 0.11 are subject to this vulnerability, which is why we invite everyone to update their nodes to the latest version, 0.11.
The Lightning Network team points out that, although this is an important vulnerability, it does not seem to have been exploited by anyone so far, suggesting that there have been no attacks.
Of course, until everyone updates to the new version, the risk remains, so this could be a wake-up call for all Lightning Network users.
This protocol, which is still not 100% perfect, was created to enable faster and cheaper Bitcoin transactions than those made on-chain.
Currently over 1000 BTC can be found on this protocol.
The vulnerabilities of Lightning Network
Unfortunately, this is not the first problem to affect the nodes of this protocol: last year another problem was discovered on Lightning Network, and users had to update their systems then as well.
The details of the vulnerability will be presented on October 20th, leaving time to fix the flaw and for a large number of nodes to be updated to the new version.
Finally, it should be remembered that Lightning Network has been targeted by the IRS (Internal Revenue Service), the largest agency of the US Treasury Department, which launched a $1 million contest for companies to submit work on tracking movements on both Monero (XMR) and Lightning Network.
The contest was won by two companies, among them ConsenSys, which will now start working to retrieve more information on transactions on these two protocols, making them less anonymous.