It’s a really good question. I’d say it’s been really hard for a single attacker to actually steal funds en masse due to lack of single honeypots and isolation of funds in different channels with different counterparties. This might change as amounts get bigger, but the incentive design means payoffs should never be asymmetric like we see in DeFi (tiny effort, huge theft potential).

It’s not as hard to grief a node via channel jamming but the attacker can’t directly steal money, can just enjoy the pleasure of being an asshole for a while. Hence why lower hanging fruit attacks haven’t really been exploited yet.


Discussion

I thought the actual concern was with hackers gaining direct access to servers, then just sshing and moving the funds to themselves, not some convoluted weird Lightning-specific attack. We didn't see any of these hacks (but we did see hundreds of exploits in application code that manage users' balances).

Yeah true. Maybe we just got lucky that amounts were too small in LN while security was bad, that juicier targets existed while amounts increased, and now there’s pretty good remote signer stuff across different implementations to help mitigate 🤷‍♂️