Developers working on the Bitcoin layer 2 Lightning Network have become less security-oriented and more focused on producing cash flow for their investors, argues a former Lightning Network developer.
Bitcoin core developer and security researcher Antoine Riard, made headlines last month after leaving the Lightning ecosystem over concerns about a new attack vector called “replacement cycling,” which exploiters could potentially use to steal funds by targeting payment channels.
How does a lightning replacement cycling attack work?
There’s a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.
So here’s an illustrated primer…
1/n pic.twitter.com/mvvS8bEc5f
— mononaut (@mononautical) October 21, 2023
At the time, Riard said the new class of attacks puts Lighting in a “perilous position” though other Bitcoin developers such as “Machine98” suggested it is a difficult attack to pull off in the first place.
Riard told Cointelegraph that he’s now working at the Bitcoin base layer to address the issue and urged Lightning developers to follow suit:
Lightning is the best solution currently available, but it’s not good enough.
Lightning has several fundamental flaws, where each of them make the system as a whole a dead end for bitcoin, long term. An attempt at explaining these, and what we should do instead.
Liquidity…
— torkel (@torkelrogstad) November 20, 2023
Riard also claimed that many Lightning-focused firms are compromising Lightning’s mission and security incentives for the sake of pleasing venture capitalists:
Don’t get me wrong here: Lightning is great! Always still amazed when using it.
The point is that it can’t scale enough. And Ark is not a competitor but more of an add-on. Gives you all the advantages of Cashu but without requiring trust.All we need is covenants. Ideally, CAT https://t.co/nhrmvqPYf0
— Ñobin linus (@robin_linus) November 19, 2023
Riard said it’s a classic example of the “tragedy of the commons” — where individuals and entities with access to a public resource act in their own interest and deplete it.
Decentralization appears to be a trade-off that these VC-funded Lightning firms are willing to make, which is a major concern to Riard.
“I’m not sure this is an interesting Lightning future,” Riard said. In fact, it is something which he wants no part of, after departing from the Lightning ecosystem on Oct. 20:
Bitcoin Lightning Network growth jumps 1,200% in 2 years
The Lightning Network is the second-layer solution built over the Bitcoin blockchain. It is designed to improve the scalability and efficiency of Bitcoin.
Through the Lightning Network, users can open payment channels, conduct multiple transactions off-chain, and settle the final result on the Bitcoin blockchain. The replacement cycling attack is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting inconsistencies between individual mempools.
Cointelegraph reached out to Lightning Labs and other firms in the Lighting ecosystem but did not receive a response.
However, despite the security concerns and potential move toward centralization, Riard explained that Lightning hasn’t seen as many attacks as many Ethereum layer 2s because Lightning users typically only store a small amount of funds in their wallets at any given time.
A total of $194.1 million in BTC is locked in the Lightning Network, according to DeFiLlama.
Should you ‘orange pill’ children? The case for Bitcoin kids books