Stealing Sats from the Lightning Network Custodial Services (2022) \ stacker news ~security

pull down to refresh

Stealing Sats from the Lightning Network Custodial Services (2022)lightningnetwork.plus/posts/37

719 sats \ 10 comments \ @ek 13h security

Old post but still very relevant.

Interesting attack vectory

Cheap, but not free. A simple attack.

Simple, deposit funds into a custodial service then withdraw the funds, done. Congrats for your profit! I am sure you are thinking -"Those sats were mine anyway, right? How does this qualify as an attack?" Well, I forget to mention we also need to place a node that will be routing the payments between the custodial service and the receiving node. The routing node will collect a fee, hopefully the fee will be big enough so there is a net profit (i.e., withdrawal_fee + deposit_fee < routing_fee_collected). If a positive net return is possible, then it is just a matter of optimizing the size of the fee collected and the transaction speed rate to see how big the damage could be. It is easy to see how this attack must be feasible on any service with free withdrawal fee.

How do you place a node in the middle? Well, the sending node is in charge of selecting the route. A priori, it seems unlikely that the sender will select a very expensive route. However, there is a case when the sender will certainly have to send the payment trough our routing node. We will connect our receiving node to the Lightning Network only with a single channel to our routing node. Therefore payments, if they arrive at all, must always be relayed by ourselves.

65 sats \ 0 replies \ @ek OP 13h

My favorite part:

I wrote a simple python script able to generate local LN invoices and submit them to the exchange to process the withdrawals. It reached top speeds of up to ~300 withdrawals per minute (200 ms per withdrawal), simply wow! That makes for ~15K sats per minute. I did not optimize further the script, as the channel was already near being maxed out (current maximum pending HTLCs for a channel is 483 and they were taking long to settle). In addition, my RaspberryPi was getting CPU limited, I believe due to encrypting/decrypting the onion packages.

When your heist is limited by your own CPU haha

0 sats \ 1 reply \ @OT 12h

We will connect our receiving node to the Lightning Network only with a single channel to our routing node.

If the routing node charges too much the payment will likely fail due to high fees right?

0 sats \ 0 replies \ @ek OP 11h

You can lower the fee until the payment suceeds, then it's free money

43 sats \ 1 reply \ @Scoresby 13h

I have not tested this empirically (meaning I'm just going off the feels here) but I think most ecash wallets pass the routing fee on to the user when leaving the mint. Which wallets still exist that are custodial and that do free withdrawals? Is it WoS? I haven't used them in a good while...

107 sats \ 0 replies \ @ek OP 13h

This should be a pretty well-known attack by now.

I remember that Kraken allowed free lightning withdrawals though.

Which wallets still exist that are custodial and that do free withdrawals?

Asking for a friend? haha

Is it WoS?

No, the post mentions they actually had the best security among those tested:

6. WalletOfSatoshi

WalletOfSatoshi charges the user the exact fee for the routing. It also does hold a reserve of 0.3% balance in case of unexpected high fee. This is the most conservative take together with that of OKex, in turn making these two services the least user friendly.

115 sats \ 0 replies \ @DarthCoin 12h

Yes, I've tested that on Muun wallet. You are able to steal sats from Muun that later are charged from other users to cover the loses. Using this garbage app nowadays is pure insanity and I warned about this long time ago.

Also another thing to mention about this: Muun was also bloating the block space:

https://xcancel.com/mononautical/status/1621663167582437376 https://xcancel.com/mononautical/status/1621893734156623872

0 sats \ 2 replies \ @BallLightning 9h

Isn't this what is called fee siphoning attack? Also what would prevent something similar happening in the hypothetical future where merchanta use lightning? A merchant sets a node with high fee between his node and you and charges high fees from his customers?

0 sats \ 1 reply \ @ek OP 9h

Yes, it's called fee siphoning and I believe wallets already do that. It's part of their business model. CashApp and ACINQ (the company behind Phoenix) are examples.

0 sats \ 0 replies \ @BallLightning 9h

I kind of think this is a problem 🤔. I think I encountered this also when purchasing a channel from blocktank. Incoming payments were a lot more expensive than the default fees from robosats. It took me a while to figure out why I can't receive the sats I purchased.