Using LNsploit to Steal from LND Nodes: How to Exploit the Recent Transaction Bugs

This post walks through how to use LNsploit to steal funds from an LND node affected by some of the recent critical bugs, in regtest.

By now you might have heard of a few different bugs ([1],[2]) in LND that left the Lightning Network temporarily crippled and most nodes in a state where funds could be stolen from them. This has happened twice within a month, and both times the root cause was LND's reliance on a library that also pretends to be a bitcoin node and is seldom looked at or maintained: BTCD ([3],[4]).

Luckily the fix was released within a day both times, so most people who updated promptly would not have lost funds. There are still HTLC edge cases, however, that would let an attacker take off with funds within even a few hours of the bug being triggered. If you've been in a coma and you're just now hearing about this, I'm sorry. The responsible thing to do is to close your channels before you go into a coma.
