Lightning Vulnerability Discovered; LND Node Operators Urged to Upgrade ASAP

An undisclosed vulnerability in LND versions 0.10.x and below was revealed Thursday. Developers are urging node operators to update to the newest version.

Oct 9, 2020, 12:58 AM

Updated Aug 19, 2021, 4:51 AM

Election 2024 coverage presented by

A vulnerability in LND versions 0.10.x and below has been disclosed to the Lightning Labs team, according to engineer Conner Fromknecht in the Lightning Network developer channel Thursday. In light of the disclosure, the firm is urging node operators to upgrade to versions 0.11.0 or higher as soon as possible.

No known exploitations of the vulnerability have been found to date, but "circumstances surrounding the discovery resulted in a compressed disclosure timeline," Fromknecht said.
The vulnerability was "partially" disclosed with a detailed publishing of the findings promised Oct. 20.
Lightning Labs – one of three major implementations of the Lightning Network – released its newest v0.11.1-beta on Oct. 1.
Lightning Labs did not respond immediately to a request for comment.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.

William Foxley

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about