Previously unknown vulnerabilities have been discovered in older versions of the Lightning Network Daemon (LND)—a full node implementation of Bitcoin’s second-layer solution Lightning Network—according to an announcement published today by Conner Fromknecht, head of cryptographic engineering at Lightning Labs.
Partial LND Vulnerability Disclosure, Update to 0.11.x
Full disclosure will be published on October 20th 2020.https://t.co/1vnXLDME7G
— Conner Fromknecht (@bitconner) October 9, 2020
Per the post, the vulnerability affects LND versions 0.10.x and below. To safeguard themselves from these exploits, users should upgrade their software to LND 0.11.0 or higher as soon as possible, the announcement stressed.
The company stated that it will disclose full details of these new vulnerabilities on October 20—a bit sooner than usual due to unknown circumstances.
“The circumstances surrounding the discovery resulted in a compressed disclosure timeline compared to our usual timeframes. We will be publishing more details about this in the coming weeks along with a comprehensive bug bounty program,” the announcement noted.
Luckily, there is currently no evidence suggesting that these vulnerabilities have been exploited “in the wild” so far, the researchers added.
As Decrypt reported in mid-September, two developers stumbled upon several vulnerabilities that could’ve been used to shut down the entire Bitcoin blockchain—finding that they were still present in other blockchains that had used Bitcoin’s code. It goes to show that keeping blockchain technology safe is an endless task.