The Lightning Network (LN) has enjoyed rapid growth over recent years, and has become the most popular scaling solution for the Bitcoin blockchain. The network consists of payment channels that hold different amounts of BTC in their capacity. The security of the LN hinges on the ability of the nodes to close a channel by settling their balances, which requires confirming a transaction on the Bitcoin blockchain within a pre-agreed time period. This inherent timing restriction that the LN must satisfy, make it susceptible to attacks that seek to increase the congestion on the Bitcoin blockchain, thus preventing correct protocol execution.We study the susceptibility of the LN to mass exit attacks, in the presence of a small coalition of adversarial nodes. This is a scenario where an adversary forces a large set of honest protocol participants to interact with the blockchain. We focus on two types of attacks: (i) The first is a zombie attack, where a set of 𝑘 nodes become unresponsive with the goal to lock the funds of many channels for a period of time longer than what the LN protocol dictates. (ii) The second is a mass double-spend attack, where a set of 𝑘 nodes attempt to steal funds by submitting many closing transactions that settle channels using expired protocol states; this causes many honest nodes to have to quickly respond by submitting invalidating transactions.We show via simulations that, under historically-plausible congestion conditions, with mild statistical assumptions on channel balances, both of the attacks can be performed by a very small coalition. For example, a coalition of just 30 nodes could lock the funds of 31% of the channels for about 2 months via a zombie attack, and could steal more than 750 BTC via a mass double-spend attack, if the watchtowers algorithms do not make use of sophisticated strategies.To perform our simulations, we formulate the problem of finding a worst-case coalition of 𝑘 adversarial nodes as a graph cut problem. Our experimental findings are supported by a theoretical justification based on the scale-free topology of the LN. We emphasize that the proposed attacks should not be considered as an issue of the protocol design, but rather as an inherent issue of payment channels network without general computability on layer-1.
CCS CONCEPTS• Security and privacy → Distributed systems security.