Excerpt
I explain the 2023 Replacement Cycling vulnerability of the Lightning network, who was affected, and how you can still use Lightning in a secure way.
While the Lightning network is constantly in development and still can experience bugs, the risks are often overstated. Specifically, the current vulnerabilities discussed in the Bitcoin community only affect Lightning nodes that route payments. Thus, most users like those with a Phoenix wallet are not impacted and funds are not as risk. Furthermore, developers have already implemented updates to mitigate the vulnerability. There is no need to worry!
However, to ensure safety, I always recommend not storing large amounts of money in Lightning wallets, but instead using on-chain, self-custody addresses.
Transcript
Development of the Lightning Network
The Lightning Network is in development as Bitcoin. I mean the developers are constantly working on it and therefore bugs can happen. They should not, of course, and that is also why in Bitcoin the development of new features and new options on the protocol is very slow. That is a deliberate (how you say) decision because otherwise all the money that is on the Bitcoin blockchain could be lost with just a small bug. That is why in Bitcoin it is not “build fast and break things” – it is the other way around.
Bugs and Developer Efforts
But of course bugs can happen and the Lightning Network, to develop it, is a very complex task. A lot of people are working on it and of course you will have bugs there as well. But to be honest, I was talking to a few developers, wallet builders, and people who really know their stuff about Lightning. They are going much more into details than I do, and they all told me: Yes, there are bugs, but yes, we also work on solutions for them and, no, your funds are not at risk.
Criticism and the Replacement Cycling Vulnerability
So, I think there is really not the reason, as many people or some people did in recent weeks on Twitter, to say: I am done with Lightning, this is doomed, and I would not use it. So, there was this replacement cycling vulnerability recently. There was also a lot of rumor and talk about it. A potential attack opportunity on Lightning nodes.
Scope of the Vulnerability
And it is not the end for Bitcoin. As I said, I talked to engineers. They said the dimensions of this vulnerability are totally overblown and the vulnerability is only affecting routes that are – sorry – Lightning nodes that are also routing payments. So if you are a user, like with a Phoenix Wallet, and you only use your channel to initiate and receive payments, then you are not affected.
Fixes and Recommendations
And since the disclosure, also already implementations have happened and have been done and the Lightning Network vulnerability is a little bit, is mitigated, you know. So people, developers, are always working on the protocol and also on the Lightning Network. But I think there is really no reason to be scared to lose funds or something like that.
Lightning Is Still Experimental
But nonetheless, Lightning is much more experimental still than the Bitcoin network. So as I said before, if you have 1000 dollars on Lightning, I would swap them to an on-chain address and only keep maybe 100 or 50 or 20 or 10 dollars in my Lightning. So then you are safe.
