Lightning network vulnerability discovered, upgrade immediately

Lightning network node operators running LND versions prior to the Oct. 1 version 0.11 upgrade have been urged to upgrade immediately after a vulnerability was discovered affecting LND versions 0.10 and below.

The vulnerability was made public in an Oct. 9 announcement from Lightning engineer Conner Fromknecht, Head of Cryptographic Engineering at Lightning Labs. Fromknecht said:

“While we have no reason to believe these vulnerabilities have been exploited in the wild, we strongly urge the community to upgrade to lnd 0.11.0 or above ASAP,”

Few details have been revealed so far, with Fromknecht assuring that the vulnerabilities will be disclosed in full on Oct. 20.

This is not the first time a vulnerability has been discovered in the Lightning network. Last year, Lightning Labs CTO, Olaoluwa Osuntokun, confirmed instances of Common Vulnerabilities and Exposures (CVE) “being exploited in the wild.”

Earlier this year, researchers warned about the privacy vulnerabilities in the Lightning network that could expose financial information of Bitcoin transactions that were believed to be anonymous.

Currently, Lightning Labs, Blockstream, and ACINQ are the three major teams working on the development of the Lightning network.