Abstract

Lightning Network (LN) is a widely-used network of payment channels enabling faster and cheaper Bitcoin transactions. In this paper, we outline three ways an attacker can steal funds from honest LN users. The attacks require dilating the time for victims to become aware of new blocks by eclipsing (isolating) victims from the network and delaying block delivery. While our focus is on the LN, time-dilation attacks may be relevant to any second-layer protocol that relies on a timely reaction. According to our measurements, it is currently possible to steal the total channel capacity by keeping a node eclipsed for as little as 2 hours. Since trust-minimized Bitcoin light clients currently connect to a very limited number of random nodes, running just 500 Sybil nodes allows an attacker to Eclipse 47\% of newly deployed light clients (and hence prime them for an attack). As for the victims running a full node, since they are often used by large hubs or service providers, an attacker may justify the higher Eclipse attack cost by stealing all their available liquidity. In addition, time-dilation attacks neither require access to hashrate nor purchasing from a victim. Thus, this class of attacks is a more practical way of stealing funds via Eclipse attacks than previously anticipated double-spending. We argue that simple detection techniques based on the slow block arrival alone are not effective, and implementing more sophisticated detection is not trivial. We suggest that a combination of anti-Eclipse/anti-Sybil measures are crucial for mitigating time-dilation attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.