- On October 9, 2022, Burak from Bitmatrix (a swap tool built on the Liquid Network) created and broadcast a transaction to the main Bitcoin network, spending a UTXO with a Tapscript multisig with a 998-of-999 threshold. This transaction had 998 individual signatures in the witness field, and was almost 0.1 MB in size, and kind of hilariously, reused the exact same public key for every one of the 999 participants in the multisig. This transaction caused a massive disruption for the Lightning Network by exposing a bug in LND and btcd (an alternative client for the Bitcoin network).
- Why did this affect LND, given that many people run Bitcoin Core underneath their LND instance? It is because LND uses the same code btcd does to receive and process blocks. So even if your LND node was running on top of Bitcoin Core, which would have properly validated the relevant block and not stalled, your LND instance would have refused to accept that block and stalled even though your main chain node continued progressing properly.
- Thankfully this issue was not widely exploited, but had this been discovered in the codebase before Burak's transaction was pushed to the blockchain, this could have been intentionally exploited by bad actors in a very tactical way. An individual, or a group of people, could have very easily opened a large number of channels on the network and swapped all of the money in those channels back to themselves on-chain through a submarine swap, leaving all of the funds in the channel on the other side, and then submitted a large Taproot transaction like Burak did, immediately closing out their channels using an outdated state.
- I hope this is a wake-up call to how important it is to ensure that consensus validation checks are all in sync with each other across software in this space, as without that synchronicity between everything there isn't actually a singular coherent Bitcoin network.
This Month in Bitcoin Privacy (TMIBP) is a newsletter about privacy-related technology developments, events, and conversations in Bitcoin that catch her eye, as well as the tools or strategies that can be used to protect our right to informational self-determination.
We set out to investigate potential improvements to Lightning on both the protocol level and in how it’s used. With an awareness of current privacy best practices and pitfalls, what else is possible to improve Lightning privacy?
This research is from July 23 2022 but it is particularly relevant today to due concerns surrounding the solvency of Genesis, their parent company Digital Currency Group, and DCG's exchange traded product GBTC.