The Lightning Network is a young protocol, and it’s going through some technical growing pains as its tech stack grows and its network expands. While most of the vulnerabilities (covered in part one of this series) are neither protocol-breaking nor easy to exploit, they’re still reminders that improvements come with trade-offs – and that security and usability are two sides of the same coin.
This is the second article in our two-part series on existing vulnerabilities in Bitcoin’s Lightning Network. Part one detailed the outstanding vulnerabilities and their risk factors. Part two will examine why these weak spots have never been exploited, what changes may be made to fix them and the developing trade-offs that come from balancing user-friendly applications and air-tight security.
Vulnerable, but never exploited
For all of the Lightning network protocol’s vulnerabilities, no one has exploited them yet. It seems that, right now, they’re either too difficult to pull off for most hackers or there’s not enough at stake in Lightning channels to justify the effort, Joost Jager, an independent Lightning network engineer, told CoinDesk.
Also, most everyone using Lightning right now is friendly and non-adversarial, so things have remained generally peaceful on Bitcoin’s scaling frontier.
To some extent, however, Jager would welcome a little adversity. After all, it’s all well and good to have vulnerabilities that no one exploits, but what happens when the “kumbaya” stops, attackers get savvy and Lightning has enough money in it to justify an attack?
Read more: What Is Bitcoin’s Lightning Network?
Before that day comes, Jager would like to see more “battle testing” of Lightning’s network so these attack vectors aren’t ignored until they can’t be any longer.
“I think it would help if Lightning would become a target for hackers. Because right now everything is so friendly; it’s not really tested. I think it would be good at this stage because it helps you set your priorities. If you’re under attack, then you need to address the attack. And if you can’t, then there are fundamentals you have to address.”
“It almost feels like you’re going to prepare Earth for a meteor that will destroy life but it hasn’t happened! If there’s no actual attack then it’s hard to keep attention on these problems.”
As Jager pointed out, all the dominant actors on the network today are more focused on collaboration than subterfuge.
“All of the people building at the moment are all friendly and just want to make Lightning work and succeed,” Jager told CoinDesk.
Indeed, the total number of technical savants who understand Bitcoin and its Lightning Network inside and out could fit inside a small room. Couple this with the fact that Lightning isn’t a large enough honeypot for hackers to bother exploiting and you have an answer for why the network hasn’t been targeted by malicious actors.
“Exploiting LN requires a strong…