Bitcoin Lightning bug could jam and steal millions of dollars

Bitcoin developer Antoine Riard has disclosed two new bugs that affect wealthy node operators within the Lightning Network, a payments protocol with over $500 million worth of BTC capacity.

The transaction jamming attack exploits Bitcoin Core software’s transaction selection, announcement, and propagation mechanisms of Lightning Network-connected Bitcoin full nodes.

Dubbed “transaction relay throughput overflow attacks,” the bugs allow an assailant to steal bitcoin (BTC) from the wealthiest Lightning nodes. Although there’s no evidence that a thief has actually exploited these bugs, Lightning implementation providers Éclair and Core Lightning are already working on software patches.

Specifically, the cost- and time-intensive attack is only worth the effort for victims with more than roughly $130,000 worth of BTC and is best suited for nodes holding above half a million dollars.

Bitcoin Lightning transaction relay throughput overflow attacks

The attack would enable a thief to steal funds from the victim’s Lightning channel by preventing time-sensitive transactions such as justice transactions from propagating through the network. After jamming the node for 32 Bitcoin blocks (Core Lightning defaults) or 140 blocks (Éclair defaults), the robber could make off with an irrevocable bounty.

In regular clock time, that would mean approximately 5.5 hours to steal from a default Core Lightning node or 24 hours for a node running Éclair default software.

By default, nodes limit the number of unconfirmed transactions they transmit or accept at any given time to reduce the chance of various denial-of-service (DoS) attacks. The attacker can conduct a high overflow jamming attack that blocks the victim from sending a justice transaction by continuously overwhelming the node with high fee rate transactions.

By default, a Bitcoin Core node will always choose to propagate the highest fee transactions first and queue lower fee transactions — even if one of those lower fee transactions is the nodes’ own Lightning Network justice transaction.

This is one bug that Core Lightning and Éclair are patching, thanks to Riard’s responsible disclosure.

Again, the high overflow jamming attack blocks the victim from sending an anti-theft transaction by continuously overbidding with higher fee transactions, hence the name “high overflow.”

For this reason, the attack is expensive — with initial estimates north of $130,000 throughout the hours of the attack.

In addition to this high overflow jamming attack, Riard explained another variation of the transaction jamming bug: low overflow.

A variation with thousands of low-fee transactions

The low overflow is a cheaper variant but less reliable for the attacker. Here, to save money, the attacker targets a victim trying to send a transaction to nodes with a maximum unrequested transactions queue of 5,000 per peer.

The attacker floods the victim with a large number of transactions using a minimum transaction fee rate. The victim then announces these transactions to its peers and the peers try to drain the queue by requesting those transactions. If the attacker can maintain a queue of over 5,000 transactions, the attack might be successful.

Technically speaking, the low overflow attack leverages Lightning nodes’ interaction with Bitcoin Core’s MAX_PEER_TX_ANNOUNCEMENTS default, causing inbound transactions to overflow this threshold.