Lightning devs must ‘wake up’ and fix security bugs, not please VCs: Bitcoin dev

Developers working on the Bitcoin layer 2 Lightning Network have become less security-oriented and more focused on producing cash flow for their investors, argues a former Lightning Network developer.

Bitcoin core developer and security researcher Antoine Riard, made headlines last month after leaving the Lightning ecosystem over concerns about a new attack vector called “replacement cycling,” which exploiters could potentially use to steal funds by targeting payment channels.

How does a lightning replacement cycling attack work?

There’s a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.

So here’s an illustrated primer…

1/n pic.twitter.com/mvvS8bEc5f

— mononaut (@mononautical) October 21, 2023

At the time, Riard said the new class of attacks puts Lighting in a “perilous position” though other Bitcoin developers such as “Machine98” suggested it is a difficult attack to pull off in the first place.

Riard told Cointelegraph that he’s now working at the Bitcoin base layer to address the issue and urged Lightning developers to follow suit:

“[They need to] wake up, stop the sleepwalking and go to the whiteboard to design a robust and sustainable fix in hand with other developers at the base-layer, preserving the long-term decentralization and openness of Lightning.”

Riard also claimed that many Lightning-focused firms are compromising Lightning’s mission and security incentives for the sake of pleasing venture capitalists:

“The sad fact being most of them are working for VC-funded entities, or commercial entities with the same low-time preference, at the long-term detriment of end-users.”

Riard said it’s a classic example of the “tragedy of the commons” — where individuals and entities with access to a public resource act in their own interest and deplete it.

Decentralization appears to be a trade-off that these VC-funded Lightning firms are willing to make, which is a major concern to Riard.

“Centralized systems are great in the scale of efficiency, however they come with the downside of systemic…..

Source

Recommended For You

Leave a Reply

Your email address will not be published. Required fields are marked *