Bitcoin Lightning Engineer highlights Lightning flaws after leaving their team

Joost Jager used to be a part of Bitcoin Lightning team and yesterday, he announced on twitter that he will be leaving their team to work on other projects.

He criticized lightning network by saying that it has not been battle-tested. If script kids would be interested, they could take down those shiny new 5 BTC wumbo channels with negligible cost and no effort at all.

He said that the underlying issue is that a channel cannot hold more than 483 htlcs at a time, regardless of the channel capacity. Sending 483 micro-payments to yourself and holding on to the htlcs is enough to incapacitate a channel for up to two weeks.

He added that by utilizing the max route length to add loops, each payment can consume up to 9 htlc slots on the target channel. If the script kid is lucky, they only need to send 54 payments to get it done. A single tiny channel takes double-digit amounts of bitcoin out of business.

Here you see him locking up ~5800000 sat with a refundable 18 sat payment looping five times through three mainnet channels owned by Bitfinex exchange and OpenNode. For basically as long as he wanted.

Bitcoin is broken. We fix it with LN. LN is broken. We fix it with…. maybe just stop with bitcoin in the first place… its not an oldtimer where you can buy parts to fix it. Its an oldtimer with a motor that never worked

— bartbobbie (@bartbobbie45) September 22, 2020

Wanting to become the world’s payment system sounds good, but then we can’t have trivially exploitable vulnerabilities like this. Therefore, he has started a new project called Circuit Breaker: a firewall for Lightning nodes. The primary goal is to encourage thinking about this problem, with the potential to grow into a full-fledged Lightning protection system.