Share this article
A Dangerous Bug in Bitcoin's Lightning Network Has Been Fixed
Bitcoin developer Rusty Russell disclosed Friday the lightning network vulnerability that forced software upgrades in July.
Updated Sep 13, 2021, 11:30 a.m. Published Sep 27, 2019, 6:45 p.m.
A popular payments network running atop the bitcoin blockchain suffered from a long-standing code vulnerability – one where attackers could drain users’ of their money.
While initially flagged to the public on Aug. 30 by bitcoin developer Rusty Russell, the full disclosure detailing how this vulnerability could be exploited by an attacker was released Friday.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
“An attacker can claim to open a [lighting payments] channel but either not pay to the peer, or not pay the full amount,” Russell wrote in the full disclosure.
The lightning network is a Layer 2 payments protocol enabling ultra-fast and nearly costless transactions atop the bitcoin blockchain. In order for users to send transactions across the lightning network, they must open what are called “payments channels” to send and receive funds from other lightning users.
Without the proper checks, an attacker could pretend to open a new payments channel and send fake transactions. Being duped, an honest user could then send back real money to the attacker not knowing the previous transactions had been completely artificial. It’s unclear how many users fell victim to such attacks.
Already, all major lightning software clients have been upgraded to fix this vulnerability, according to Russell.
When asked why it took three months for the vulnerability to be disclosed to users, Pierre-Marie Padiou – the CEO of a company maintaining one of the three most popular lightning implementations – said developers had to err on the side of caution.
“The problem with this vulnerability is that once you know about it, it seems so obvious,” said Padiou. “Three months is not a long time. It’s a pretty short time because you have to give users the amount of time needed to update. … A lot of users don’t do it.”
Lightning developers, he added, did not want to risk revealing the vulnerability until absolutely sure no users were at risk.
“There are always problems. Even on the bitcoin protocol, there have been bugs,” Padiou said, adding:
“There will always be bugs. What matters the most is how to handle this in the best way to protect users.”
Acinq software developer Bastien Teinturier image via Twitter
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
BTC, ETH, SOL, ADA Pull Back Ahead of Fed Meeting Where Rate-Cuts Expected
Market depth in smaller tokens remained thin, echoing the uneven liquidity that has characterized December trading so far.
What to know:
- Bitcoin briefly surpassed $94,000 before retreating to $92,500, as investors await a key Federal Reserve decision.
- Altcoins showed mixed performance, with Ether rising 7% and Cardano jumping 8.5%.
- Analysts debate whether Bitcoin's recent volatility signals a market bottom or continued uncertainty.
Top Stories
