A document published by Bitcoin developers claims that Lightning Network user funds are at risk of being stolen by exploiting a security vulnerability detected in this second-layer solution.
The document, titled Time-Dilation Attacks on the Lightning Network, reveals the possibility of a hacker carrying out an attack known as a "time dilation attack." This attack extends the block delivery time by eclipsing, or isolating, victim nodes from the network of honest nodes.
Likewise, Bitcoin developers Antoine Riard and Gleb Naumenko revealed that the time dilation attack makes 3 attack vectors possible. The developers note that these currently appear to be the common and most practical way hackers can steal funds locked on the Lightning Network (LN). Furthermore, they indicate that these attacks are executed through an Eclipse attack. Recall that an Eclipse attack isolates the user's network connection by sending a lot of fake data about the blockchain they belong to, using malicious nodes under the control of the attacker.
As mentioned, the document describes the 3 possible ways an attacker can steal funds from LN users. The authors of the report point out that they focus on analyzing the effects of these attacks on LN, but that the attacks can also be executed against other second-layer protocols similar to this network.
It should be noted that the Lightning Network (LN) is a second-layer implementation designed to speed up Bitcoin transactions, with the aim of overcoming the scalability problems of the original system.
How is a time dilation attack executed on the Lightning Network?
In time dilation attacks, a malicious actor slows down the delivery of blocks to the victim, which is carried out through an Eclipse attack. The attacker then reveals an expiration status at the time of block delivery within the LN network, all before the victim node can realize that it is being attacked.
Recall that the Eclipse attack is a network attack that manipulates the data received by users of a blockchain, with the purpose of isolating them and disconnecting them from the network to carry out malicious activities against the victims.
The Eclipse attack is possible because of the peer-to-peer (p2p) connections between nodes on a blockchain, which are limited in number. For example, in the Bitcoin network nodes can establish secure connections with a maximum of 8 nodes. Likewise, within the LN network, nodes can establish connections with a limited number of nodes, so nodes are relatively easy to hijack.
For their part, the developers specify that although LN nodes are mainly managed by large service providers, attackers can easily cover the high costs of these attacks once they have taken all of the victim's available funds.
Likewise, Riard and Naumenko point out that malicious actors may need only a couple of hours to carry out these attacks. In addition, they point out that users who run light clients to receive information from the Bitcoin blockchain are the most prone and vulnerable to attack, and that once the nodes are "eclipsed" there is a 93% chance that the attack will be successful.
Possible ways to carry out the attack
First, the developers argue that by creating a payment channel, attackers can execute the Eclipse attack and apply time dilation. This delays the delivery of blocks, but the delay may not be noticed immediately, since blocks are mined approximately every 10 minutes and that interval can be shorter or longer depending on the difficulty of the network.
So, by introducing a time dilation and creating a payment channel, the attacker can get hold of the victim's funds, directing them to their own address to take possession of them.
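
Because a slowed block feed is hard to notice against the roughly 10-minute block interval, a node operator can watch for it explicitly. The following is an added example, not code from the paper or from any Lightning implementation: it flags a feed whose delivery delay keeps growing or whose tip is improbably old. The function names, thresholds and sample feeds are assumptions, and it assumes block header timestamps are roughly accurate and that block discovery follows a Poisson process.

```python
import math

BLOCK_INTERVAL = 600  # seconds: "approximately every 10 minutes"

def stall_probability(tip_age, interval=BLOCK_INTERVAL):
    """Chance that an honest network finds no block for tip_age seconds,
    modelling block discovery as a Poisson process (assumption)."""
    return math.exp(-max(tip_age, 0) / interval)

def assess_feed(blocks, now, max_drift=1800, alarm_p=0.001):
    """blocks: (header_time, received_at) pairs in height order, unix seconds.
    Thresholds are illustrative, not tuned values."""
    delays = [received - header for header, received in blocks]
    # Honest propagation delay stays flat; a slowed feed makes it grow per block.
    drift = delays[-1] - delays[0]
    tip_age = now - blocks[-1][0]
    p = stall_probability(tip_age)
    reasons = []
    if drift > max_drift:
        reasons.append("delivery delay growing")
    if p < alarm_p:
        reasons.append("tip improbably old")
    return {
        "drift": drift,
        "tip_age": tip_age,
        "stall_probability": p,
        "blocks_probably_missing": tip_age // BLOCK_INTERVAL,
        "alert": bool(reasons),
        "reasons": reasons,
    }

# Constructed sample feeds (not real chain data).
T0 = 1_700_000_000
HONEST = [(T0, T0 + 8), (T0 + 540, T0 + 552), (T0 + 1290, T0 + 1295),
          (T0 + 1800, T0 + 1820), (T0 + 2500, T0 + 2509)]
# Headers 600 s apart, but each block reaches the node 1200 s after the last.
DILATED = [(T0 + 600 * i, T0 + 10 + 1200 * i) for i in range(6)]

if __name__ == "__main__":
    print(assess_feed(HONEST, now=T0 + 2800))
    print(assess_feed(DILATED, now=T0 + 6610))
```

An alert from a check like this is a signal to compare the chain tip against an independent source before trusting any channel timeout.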
Second, implementing the time dilation attack alongside an Eclipse attack may result in double spending, where the attacker carries out several transactions with the same coins, similar to how this attack would occur directly on the Bitcoin blockchain. Thus, one of the payments will be made in the longest chain, while the other payment will be rejected by the network.
In the case of an Eclipse attack, the node that is manipulated under the attack thinks that the transactions received are valid, so it informs the victim that the transactions have been made successfully.
The third attack vector manipulates the security measures of HTLCs (Hash Time-Lock Contracts) in order to allow the attacker to extract funds from the channel without the victim being able to do anything to counteract it. This attack differs from the previous one because an attacker only needs one channel with a victim, but it must also be selected for a payment path.
This attack also differs in the way an attacker closes the channel on-chain while stealing funds (by expiring a stolen HTLC). This way, the victim cannot claim her funds once the channel is closed. The obvious error lies in the implementation of HTLCs and the way they work, so they must be improved to prevent this type of attack.