112 sats \ 1 reply \ @ln_cortado 5 Nov 2022
Hopefully this is a wake-up call to the lnd team...
Can't believe nobody stole thousands of dollars worth from unsuspecting nodes.
The scariest thing is this:
@TonyGiorgio I asked some of the people you credit in the end of the blog post - would you care to clarify how this can actually be achieved? Perhaps even an edit on the post would help for future readers - but it sounds super scary that the 2-week lock can be circumvented through some way. Doesn't that point to a greater critical flaw in the protocol?
112 sats \ 0 replies \ @TonyGiorgio OP 5 Nov 2022
It has to do with the CLTV values of HTLCs as payments are flowing through the network. I think most implementations have those set to just 40 blocks. So I believe there are going to be wider discussions that LN devs have about increasing that. The con to that is that stuck payments may mean that your funds are locked up longer, and from a sender's POV, a particular payment might look like it's pending for longer periods of time.
100 sats \ 7 replies \ @kwintendb 3 Nov 2022
How do you get funds on an LNSploit node to open a channel? That option doesn't do anything for me.
0 sats \ 6 replies \ @kwintendb 3 Nov 2022
Also, if I "open" a channel without having any funds, it says "channel opened".
0 sats \ 5 replies \ @TonyGiorgio OP 3 Nov 2022
It uses the funds on the bitcoind node, which, if you're mining with Polar, should have funds.
100 sats \ 4 replies \ @kwintendb 3 Nov 2022
connected it straight to a mainnet node brother
100 sats \ 2 replies \ @TonyGiorgio OP 3 Nov 2022
Noooooooo lol. There's a few hardcoded regtests in the code, definitely not safe to do lol.
100 sats \ 1 reply \ @kwintendb 4 Nov 2022
I would like to use it on mainnet to attack my own nodes. How else can I be sure they do what they claim to do? Keep up the good work and don't be afraid, I didn't come here to do safe stuff ;)
0 sats \ 0 replies \ @kwintendb 4 Nov 2022
An Esplora API backend would be ideal for easier use on mainnet.
0 sats \ 0 replies \ @kwintendb 3 Nov 2022
which didn't have any funds (I think :grin:)
12 sats \ 0 replies \ @031ef7d322 2 Nov 2022
Excellent write-up, thanks for the tool and the walkthrough!
10 sats \ 0 replies \ @024b48e80a 6 Nov 2022
Thanks for the tool and the walkthrough!
10 sats \ 0 replies \ @shyfire 2 Nov 2022
this is epic
10 sats \ 0 replies \ @dtonon 2 Nov 2022
Wow, interesting!