Crypto

Lightning devs must ‘wake up’ and fix security bugs, not please VCs: Bitcoin dev

[ad_1]

Developers working on the Bitcoin layer 2 Lightning Network have become less security-oriented and more focused on producing cash flow for their investors, argues a former Lightning Network developer.

Bitcoin core developer and security researcher Antoine Riard, made headlines last month after leaving the Lightning ecosystem over concerns about a new attack vector called “replacement cycling,” which exploiters could potentially use to steal funds by targeting payment channels.

At the time, Riard said the new class of attacks puts Lighting in a “perilous position” though other Bitcoin developers such as “Machine98” suggested it is a difficult attack to pull off in the first place.

Riard told Cointelegraph that he’s now working at the Bitcoin base layer to address the issue and urged Lightning developers to follow suit:

“[They need to] wake up, stop the sleepwalking and go to the whiteboard to design a robust and sustainable fix in hand with other developers at the base-layer, preserving the long-term decentralization and openness of Lightning.”

Riard also claimed that many Lightning-focused firms are compromising Lightning’s mission and security incentives for the sake of pleasing venture capitalists:

“The sad fact being most of them are working for VC-funded entities, or commercial entities with the same low-time preference, at the long-term detriment of end-users.”

Riard said it’s a classic example of the “tragedy of the commons” — where individuals and entities with access to a public resource act in their own interest and deplete it.

Decentralization appears to be a trade-off that these VC-funded Lightning firms are willing to make, which is a major concern to Riard.

“Centralized systems are great in the scale of efficiency, however they come with the downside of systemic single-point-of-failure and lower cost of user censorship, fundamental risks that one might wish to hedge against as a Bitcoiner.”

“I’m not sure this is an interesting Lightning future,” Riard said. In fact, it is something which he wants no part of, after departing from the Lightning ecosystem on Oct. 20:

“I do not wish to be associated with being in charge or accountable of the Lightning Network security, and the ~5,300 BTC exposed here. There is little [I and others] can do to halt the haemorrhage, without compromising the core values of censorship-resistance and permissionless of the Lightning Network.”

Related: Bitcoin Lightning Network growth jumps 1,200% in 2 years

The Lightning Network is the second-layer solution built over the Bitcoin blockchain. It is designed to improve the scalability and efficiency of Bitcoin.

Through the Lightning Network, users can open payment channels, conduct multiple transactions off-chain, and settle the final result on the Bitcoin blockchain. The replacement cycling attack is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting inconsistencies between individual mempools.

Cointelegraph reached out to Lightning Labs and other firms in the Lighting ecosystem but did not receive a response.

However, despite the security concerns and potential move toward centralization, Riard explained that Lightning hasn’t seen as many attacks as many Ethereum layer 2s because Lightning users typically only store a small amount of funds in their wallets at any given time.

A total of $194.1 million in BTC is locked in the Lightning Network, according to DeFiLlama.

Magazine: Should you ‘orange pill’ children? The case for Bitcoin kids books