Lightning Network Faces A Major Risk As Denial Of Service Attack (DoS) Vulnerability Discovered
As Lightning Network channels gain public attention as a solution to Bitcoin's slow payments, a simple but disruptive attack could be on the horizon for the layer-two network.
A research paper titled “Hijacking Routes in Payment Channel Networks: A Predictability Tradeoff” by Sarr Tochner, Aviv Sohar (both of Hebrew University of Jerusalem) and Stefan Schmid of University of Vienna describes a Denial-of-Service attack on the Lightning Network based on route hijacking. According to the paper, the DoS attack allows the attacker to halt or slow down transactions on the Lightning Network, which would be a disaster for the network.
‘A dire state on Lightning Network’
The current state of the Lightning Network makes it vulnerable to this specific attack. Hundreds of nodes are currently available to verify the transactions, but 60% of the transactions pass through five nodes. Widening the scope, 80% of the transactions on LN pass through 10 nodes. This concentration poses a disruptive risk, as a relatively small number of bad actors can take over the network and deny transactions to a large section of it.
However, what is more striking about the attack is that, according to the paper, it is both simple and cheap to execute.
A cheap denial of service attack
When selecting a node to route a transaction through, the LN uses a number of factors to determine the best option. Of these factors, low fees take priority in most implementations, which creates the problem for the network.
According to Sohar, attackers can simply create links to the network and draw more routes to their node by asking for lower fees. Creating five new links is enough to draw approximately 65% to 75% of the traffic to the bad actor’s node for a low price of “about $2000.”
“We can open channels that offer short and low-cost routes in the network which then are selected (almost always) for the route. Then, when a payment request comes in, we can just refuse to pass it onward. When a new path is selected […] the attacker channels are again selected for the route.”
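The fee-first selection described above can be measured on a small graph. This is an added example, not code from the paper or from any Lightning implementation: the topology is constructed, fees are simplified to a flat cost per channel, and `transit_share` and `ring_with_newcomer` are hypothetical names. It reports what share of cheapest routes forward through one node, a concentration figure an operator can track.

```python
import heapq
from itertools import permutations

def add_channel(graph, a, b, fee):
    """Bidirectional channel; `fee` is a simplified flat per-hop cost (assumption)."""
    graph.setdefault(a, {})[b] = fee
    graph.setdefault(b, {})[a] = fee

def cheapest_route(graph, src, dst):
    """Dijkstra on total fee, mirroring fee-first route selection."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        cost, u = heapq.heappop(heap)
        if u == dst:
            break
        if cost > dist[u]:
            continue  # stale heap entry
        for v, fee in graph[u].items():
            if cost + fee < dist.get(v, float("inf")):
                dist[v], prev[v] = cost + fee, u
                heapq.heappush(heap, (cost + fee, v))
    if dst not in dist:
        return []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def transit_share(graph, node):
    """Share of sender/receiver pairs whose cheapest route forwards via `node`."""
    ends = [n for n in graph if n != node]
    pairs = list(permutations(ends, 2))
    hits = sum(node in cheapest_route(graph, s, t)[1:-1] for s, t in pairs)
    return hits / len(pairs)

def ring_with_newcomer(newcomer_fee=None):
    """Constructed topology: six-node ring at fee 10, optional node X on A, C, E."""
    graph, names = {}, "ABCDEF"
    for i, name in enumerate(names):
        add_channel(graph, name, names[(i + 1) % 6], 10)
    if newcomer_fee is not None:
        for peer in "ACE":
            add_channel(graph, "X", peer, newcomer_fee)
    return graph

if __name__ == "__main__":
    for fee in (None, 1, 11):  # no newcomer, undercutting fee, above-market fee
        print(fee, round(transit_share(ring_with_newcomer(fee), "X"), 2))
```

In this toy graph the newcomer carries 40% of cheapest routes while its fee undercuts the ring and none once its fee exceeds the ring's, which shows how strongly fee-only selection ties route concentration to price.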
Still low volumes on Lightning Network
While the magnitude of such an attack poses a major risk to global adoption of LN, the authors believe volumes on the LN payment channels are still low enough that it would not cause a huge impact.
Sohar said,
“I think the network is just not in heavy use right now and disrupting it does not cause too much damage. The attack does not directly give funds to the attacker, so the incentive will only be there if lightning is heavily used as a payment network.”