With less than half a bitcoin, attackers can congest networks like LN and Raiden until they stop working. In both networks, the vulnerability lies in the hashed time-locked contract (HTLC).
Payment channel networks, such as Lightning Network and Raiden, are vulnerable to transaction overload or channel congestion attacks. This is stated by two researchers from the University of Jerusalem in a report on the ability of these attacks to stop the operation of both networks.
Ayelet Mizrahi and Aviv Zohar are the two academics in charge of this research, which is entitled “Congestion attacks in payment networks.” The report states that a low-cost attack that paralyzes the Lightning Network (LN) can be sustained for several days.
The hackers would only have to make multiple small payments on the same path and leave them unconfirmed. The channel would then be overloaded with requests and unable to carry new payments, thus keeping the network inactive.
It should be highlighted that the attack would exploit one of the most important tools of LN and Raiden, known as “hashed time-locked contracts” (HTLC). This type of electronic payment ensures that a transaction is processed properly by locking the funds and subsequently requesting confirmation.
The Way to Do It
The number of HTLC payments that can be made on a channel is limited to 483 for the Lightning Network and 160 for Raiden. The waiting time to confirm or cancel a transaction is also very long on both networks, and can reach two weeks on the Lightning Network.
As these payments are private, it is impossible to know their origin or destination, which allows the hackers to conduct this attack campaign with total impunity. They only need to spam their favorite network path after adding a node.
The researchers assume that paths with a lot of movement and large funds will be the hackers' favorites; the hackers will open channels along those same routes and request several small payments. The idea will be to exhaust the maximum number of HTLCs that can be sent on a path and not confirm any payment, thus ensuring the full congestion of several channels.
Given that HTLC contracts do not close immediately, the attacker can keep them unconfirmed for weeks and even prevent their closure by upgrading the node. In this way, a malicious actor can isolate a group of channels or nodes, and even completely stop the entire network, at the cost of less than half a bitcoin.
The researchers recommended making some modifications to the operation of HTLC contracts, such as creating a second mechanism that imposes a waiting time limit for the confirmation of the neighboring payment. If a user does not comply with this established time, his or her channel can be deactivated to prevent spam on the network.
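A defender-side sketch of the waiting-time idea described above, added here as an example and not taken from the report or from LN or Raiden code: it counts unresolved HTLCs on a channel against the limits quoted in this article and flags neighbors that hold many small payments past a deadline. The field names, the 10-minute deadline, the thresholds and the sample channel state are assumptions.

```python
from dataclasses import dataclass
from collections import Counter

# Per-channel caps on HTLCs, as quoted in the article.
MAX_PENDING_HTLCS = {"lightning": 483, "raiden": 160}

@dataclass
class PendingHTLC:
    peer: str         # neighbor that offered the HTLC (hypothetical field name)
    amount_sat: int   # payment amount in satoshis
    age_seconds: int  # how long the HTLC has been unresolved

def assess_channel(network, htlcs, deadline_s=600, small_sat=1_000,
                   alert_ratio=0.8, offender_ratio=0.25):
    """Flag slot exhaustion on one channel. All thresholds are assumptions."""
    limit = MAX_PENDING_HTLCS[network]
    # HTLCs left unresolved past the deadline (neither confirmed nor cancelled).
    overdue = [h for h in htlcs if h.age_seconds > deadline_s]
    small_overdue = [h for h in overdue if h.amount_sat <= small_sat]
    # Congestion pattern from the article: slots nearly full, mostly with
    # small payments that nobody resolves.
    congested = (len(htlcs) >= alert_ratio * limit
                 and 2 * len(small_overdue) >= len(htlcs))
    # Neighbors whose overdue HTLCs alone hold a large share of the slots are
    # candidates for the deactivation the researchers propose.
    by_peer = Counter(h.peer for h in overdue)
    offenders = sorted(p for p, n in by_peer.items()
                       if n >= offender_ratio * limit)
    return {
        "free_slots": limit - len(htlcs),
        "overdue": len(overdue),
        "congested": congested,
        "offenders": offenders,
    }

def constructed_sample():
    """Constructed channel state: 400 stale small HTLCs plus 5 fresh payments."""
    stale = [PendingHTLC("node_A", 546, 3 * 3600) for _ in range(400)]
    fresh = [PendingHTLC("node_B", 250_000, 30) for _ in range(5)]
    return stale + fresh

if __name__ == "__main__":
    print(assess_channel("lightning", constructed_sample()))
```

On the constructed Lightning channel only 78 of the 483 slots remain free, and node_A is the single neighbor flagged.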
Lightning Network and Raiden are fairly young networks, considering that their first designs date from 2016. Since they are still under development, certain errors and possible vulnerabilities have appeared in their code that can be used by malicious actors.
By Alexander Salazar