Bitcoin developer Antoine Riard announced his departure from Lightning Network’s development, citing security concerns and fundamental challenges to the Bitcoin ecosystem. Riard, who is also a security researcher and contributor to the Bitcoin core, revealed his decision in a thread on the Linux Foundation’s public mailing list.
A new class of attacks
Riard explained that he was stepping down from the Lightning Network’s development because of a new class of attacks that he called replacement cycling attacks. These attacks target the payment channels that enable fast and cheap off-chain transactions on the Lightning Network. By exploiting inconsistencies between individual mempools, the attacker can potentially steal funds from a channel participant.
Riard claimed that these attacks put the Lightning Network in a very perilous position, where only a sustainable fix can happen at the base-layer, meaning the underlying Bitcoin network. He suggested that such a fix may require changes to the full-nodes processing requirements or the security architecture of the decentralized Bitcoin ecosystem.
Inadequacies of mitigations
Riard also noted that these attacks have been known to the Lightning developers since 2022, and that some mitigations have been deployed in all major Lightning implementations. However, he doubted that these mitigations were enough to stop advanced attackers, and he called for more transparency and buy-in from the Bitcoin community as a whole.
Riard stated that he will now focus on Bitcoin core development, but he warned that there are more challenges ahead for the major cryptocurrency. He mentioned issues such as transaction malleability, fee estimation, and privacy as some of the areas that need improvement.
A bidirectional payment channel
The Lightning Network is a layer-2 solution that aims to improve the scalability and efficiency of Bitcoin transactions by enabling off-chain, peer-to-peer transactions. It features a network of bidirectional payment channels that allow participants to transfer money to each other without having to make all their transactions public on the blockchain. The Lightning Network has gained popularity since its inception in 2018, with a total value locked reaching $159.5 million at the time of writing, according to data from DefiLlama. However, this figure is still very modest when compared to Bitcoin’s $587 billion market capitalization.