Time-Dilation Attacks on the Lightning Network

TL;DR

This paper reveals that time-dilation attacks on the Lightning Network can allow attackers to steal funds by isolating victims and delaying block updates, highlighting the need for improved defenses against such attacks.

Contribution

It introduces novel time-dilation attack methods on the Lightning Network, demonstrating their practicality and potential for significant fund theft without requiring hashrate access.

Findings

Attacks can steal total channel capacity within 2 hours of eclipse.

Running 500 Sybil nodes can eclipse 47% of new light clients.

Time-dilation attacks are more practical than double-spending.

Abstract

Lightning Network (LN) is a widely-used network of payment channels enabling faster and cheaper Bitcoin transactions. In this paper, we outline three ways an attacker can steal funds from honest LN users. The attacks require dilating the time for victims to become aware of new blocks by eclipsing (isolating) victims from the network and delaying block delivery. While our focus is on the LN, time-dilation attacks may be relevant to any second-layer protocol that relies on a timely reaction. According to our measurements, it is currently possible to steal the total channel capacity by keeping a node eclipsed for as little as 2 hours. Since trust-minimized Bitcoin light clients currently connect to a very limited number of random nodes, running just 500 Sybil nodes allows an attacker to Eclipse 47\% of newly deployed light clients (and hence prime them for an attack). As for the victims running a full node, since they are often used by large hubs or service providers, an attacker may justify the higher Eclipse attack cost by stealing all their available liquidity. In addition, time-dilation attacks neither require access to hashrate nor purchasing from a victim. Thus, this class of attacks is a more practical way of stealing funds via Eclipse attacks than previously anticipated double-spending. We argue that simple detection techniques based on the slow block arrival alone are not effective, and implementing more sophisticated detection is not trivial. We suggest that a combination of anti-Eclipse/anti-Sybil measures are crucial for mitigating time-dilation attacks.