Previously in August, an Australian coder for Bitcoin’s Lightning Network, Rusty Russell, had warned users about security issues in Lightning projects, issues that might lead to a loss of funds. He had then urged the network’s node operators to update their software.
In a recent update, developers of the Bitcoin Lightning network confirmed that the aforementioned vulnerabilities had been exploited. Lightning Network development firm, ACINQ, revealed the news to the community via Twitter. The tweet read,
“We’ve confirmed instances of the vulnerability being exploited in the wild. Please upgrade immediately to avoid risk of funds loss.”
Olaoluwa Osuntokun, CTO of Lightning Labs, also used Twitter to notify the community about the Lightning Network being affected. Osuntokun shared the Linux Foundation’s statement which confirmed the exploitation of Common Vulnerabilities and Exposures [CVE].
The Lightning Network acts as a second layer payment protocol that enables faster transactions and runs on the blockchain of a cryptocurrency. Lightning Labs has also warned its users via Twitter, asking them not to put any more money on the network. The tweet read,
“This is also a great time to remind folks that we have limits in place to mitigate widespread funds loss at this early stage. There will be bugs. Don’t put more money on Lightning than you’re willing to lose!”
Users are required to upgrade their Lightning Network versions and the affected versions are LND nodes version 0.7 and below, c-lightning nodes version 0.7 and below and eclair nodes version 0.3 and below.