The two researchers, Cosimo Sguanci and Anastasios Sidiropoulos, published a paper where they explained the vulnerability in the Layer 2 network using a hypothetical case where malicious nodes can collude for an attack.
“A coalition of just 30 nodes could lock the funds of 31% of the channels for about 2 months via a zombie attack, and could steal more than 750 BTC via a mass double-spend attack.”
According to the paper, a zombie attack is a form of vandalism that congests the network and make the lightning network unusable.
A zombie attack is a scenario where some nodes are unresponsive, thereby locking funds connected to these nodes.
The paper stated that the only way to defend against this attack would be for the honest nodes to close their channel and return to the Bitcoin Layer 1 network. But that will cost a lot in transaction fees.
Double spend attack
Another type of mass exit attack discovered by the researchers is the double-spend attack. The attack would require the cooperation of several malicious nodes to overload the Bitcoin Layer 1 blockchain with fraudulent closing transactions.
If the attackers can pay the high fees resulting from the network congestion, they will be able to skip the queue and double spend Bitcoin.
But this attack is only possible when there is a flaw in the configuration of one of the Lightning Networks watchtowers.
The watchtowers keep track of the state of the Lightning Network and store all data used for regular transactions, also called justice transactions.
Honest nodes will have to submit justice transactions to dispute the fraudulent requests, so if all watchtowers are working effectively, it is easy to ascertain fraudulent channel closing requests.
A poorly maintained watchtower can provide the perfect entry point for a mass double-spend attack, which could significantly affect the victims.
A double spend attack would be disastrous for the network
The researchers wrote that a double-spend attack could be the most catastrophic if it happens.
They added that the severity would only increase as the network continues to develop, hence the need to deal with the vulnerabilities effectively and immediately.
They concluded by recommending the careful configuration of watchtowers. “Ideally, they should monitor layer-1 congestion and respond aggressively in the case of high congestion,” the paper noted.
The new revelation further adds to the list of other vulnerabilities on the network, such as a Griefing attack, Flood and loot, time dilation eclipse, and pinning.
Meanwhile, despite these vulnerabilities, malicious players have been unable to exploit the network.