Lightning devs need to ‘wake up’ and fix security bugs, please VCs: Bitcoin dev
Developers working on the Bitcoin Layer 2 Lightning Network are less concerned with security and more focused on generating cash flow for their investors, a former Lightning Network developer has argued.
Bitcoin Core developer and security researcher Antoine Riard left the Lightning ecosystem last month over concerns about a new attack vector that could be used by exploiters to steal funds by targeting payment channels.
How does lightning replacement bicycle attack work?
There is a lot of discussion about this newly discovered vulnerability on the mailing lists, but the exact mechanism is a bit difficult to follow.
So the primer described here…
1/n pic.twitter.com/mvvS8bEc5f
— mononaut (@mononautical) October 21, 2023
At the time, Riard said the new attack class put Lightning in a “dangerous situation,” although other Bitcoin developers like “Machine98” pointed out that it was a difficult attack to pull off in the first place.
Riard told Cointelegraph that he is now working on Bitcoin's base layer to solve the problem and urged Lightning developers to follow suit.
“[They need to] Get up, stop sleepwalking, and head to the whiteboard to work with other developers to design a robust and sustainable base-layer architecture that maintains long-term decentralization and lightning transparency.
Riard also says that many lightning-focused companies are undermining the capitalists' interests in favor of lightning missions and safety incentives:
“The sad reality is that most of them are working for VC-funded entities or businesses with similar short-term preferences, to the long-term detriment of end users.”
Riard argues that this is an example of the “tragedy of the commons” – where individuals and entities with public resources manipulate and deplete them for their own interests.
Decentralization seems to be a trade-off these VC-funded lightning companies are willing to make, a big concern for Riard.
“Centralized systems are great in terms of efficiency, but they come with fundamental risks that one would want to protect against as a Bitcoiner, besides the systemic single-point-of-failure and low cost of user censorship.”
“I'm not sure if this future lightning is fun,” said Riard. It's something no class needs after it exits the Lightning ecosystem on October 20.
“I don't want to be associated with the security of the Lightning Network and being responsible or liable if ~5,300 BTC is exposed. There is little [I and others] Censorship resistance and a lightning network can act to stop the bleeding without violating core values.
Lightning is currently the best solution, but it is not enough.
Lightning has several fundamental weaknesses, each of which makes the system as a whole a dead end for bitcoin, for a long time. An attempt to explain these, and what to do instead.
Liquid…
— torkel (@torkelrogstad) November 20, 2023
Related: Bitcoin Lightning Network Growth Increases 1,200% in 2 Years
The Lightning Network is a second-layer solution built on the Bitcoin blockchain. It is designed to improve the efficiency and effectiveness of Bitcoin.
Through the Lightning Network, users can open payment channels, perform multiple transactions off-chain, and adjust the final results on the Bitcoin blockchain. The alternate cycling attack is a new type of attack that allows an attacker to steal funds from a channel participant by exploiting conflicts between individual mempools.
Cointelegraph reached out to Lightning Labs and other organizations in the Lightning ecosystem and did not receive a response.
Make no mistake here: Lightning is great! You will always be amazed when you use it. The point is that it is not measured enough. And Ark is not a competitor, but an add-on. It gives you all the benefits of Cashu but without the need for trust.
All we need is a promise. Ideally, CAT https://t.co/nhrmvqPYf0
— robin linus (@robin_linus) November 19, 2023
However, despite security concerns and the potential for centralization, Riard explained that Lightning hasn't seen as many attacks as Ethereum's Layer 2s because Lightning users only store small amounts of money in their wallets at any given time.
A total of $194.1 million in BTC is locked in the Lightning network, according to DeFillama.
Magazine: Should You Give Kids the ‘Orange Pill'? The issue of Bitcoin children's books
