Researchers have found that the Lightning Network is vulnerable to DoS attacks. At this stage, the attacks are very easy to carry out and can slow down or even stop 80% of payments, they warned.
The vulnerability was described by Saar Tochner, Aviv Zohar (Hebrew University of Jerusalem) and Stefan Schmid (University of Vienna).
A Lightning payment passes through a network of nodes before reaching the recipient. If one of the nodes turns out to be an attacker, it can slow the payment down, the academics say. For a successful attack, it is allegedly necessary to open several payment channels, promise zero commissions and then not broadcast payments.
By analyzing how different Lightning clients route payments, an attacker can make his nodes more attractive, giving a high probability that a payment passes through them, the researchers said.
We can open channels that offer short and low-cost routes in the network which then are selected (almost always) for the route. We find that just five new links are enough to draw the majority (65% – 75%) of the traffic regardless of the implementation being used. Then, when a payment request comes in, we can just refuse to pass it onward. When a new path is selected […] the attacker channels are again selected for the route.
Researcher, Hebrew University of Jerusalem
According to him, an attack on 80% of all transactions will cost $2000 and will require opening approximately 20 payment channels.
In a commentary for CoinDesk, Lightning Labs developer Alex Bosworth emphasized that this is a rather dangerous attack, but the routing system in the LND client is constantly changing, making it a "moving target."
According to CoinDesk, the researchers haven't seen this attack in the real world.
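The route concentration the researchers describe can be measured on a channel graph. The following is an added example, not code from the paper or from any Lightning client: it uses a simplified cost model (channel fee plus an assumed flat hop cost) on a constructed six-node graph and reports the share of sender/receiver pairs whose cheapest route crosses each node. The `avoid` argument is a hypothetical sender-side exclusion of a hop that failed to forward.

```python
import heapq
from itertools import permutations

HOP_COST = 1  # assumed flat per-hop penalty so shorter routes are preferred

# Constructed sample graph: a five-node ring, fee 3 on every channel.
RING = [("A", "B", 3), ("B", "C", 3), ("C", "D", 3), ("D", "E", 3), ("E", "A", 3)]
# Constructed zero-fee channels opened by one extra node, "X".
NEW_LINKS = [("X", "A", 0), ("X", "C", 0), ("X", "D", 0)]

def build_graph(channels):
    """Undirected adjacency map: node -> {peer: cost of using that channel}."""
    graph = {}
    for a, b, fee in channels:
        graph.setdefault(a, {})[b] = fee + HOP_COST
        graph.setdefault(b, {})[a] = fee + HOP_COST
    return graph

def cheapest_route(graph, src, dst, avoid=()):
    """Dijkstra over channel costs; `avoid` lists nodes the sender excludes."""
    queue, seen = [(0, [src])], set()
    while queue:
        cost, path = heapq.heappop(queue)
        node = path[-1]
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for peer, weight in graph[node].items():
            if peer not in seen and peer not in avoid:
                heapq.heappush(queue, (cost + weight, path + [peer]))
    return None  # no route left

def transit_share(graph, endpoints):
    """Fraction of sender/receiver pairs whose cheapest route crosses each node."""
    pairs = list(permutations(endpoints, 2))
    counts = {node: 0 for node in graph}
    for src, dst in pairs:
        for hop in cheapest_route(graph, src, dst)[1:-1]:
            counts[hop] += 1
    return {node: count / len(pairs) for node, count in counts.items()}

if __name__ == "__main__":
    users = "ABCDE"
    print(transit_share(build_graph(RING), users))
    print(transit_share(build_graph(RING + NEW_LINKS), users))
    # A sender that excludes a hop which failed to forward gets a different route.
    print(cheapest_route(build_graph(RING + NEW_LINKS), "A", "C", avoid={"X"}))
```

In this constructed graph every ring node carries 10% of pairs before the new links exist; afterwards node X sits on half of all cheapest routes, which is the kind of concentration a node operator or wallet can monitor for.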