Mass Exit Attacks on the Lightning Network

TL;DR

This paper analyzes the vulnerability of the Lightning Network to mass exit attacks under high congestion, demonstrating that small coalitions can cause significant disruptions through zombie and double-spend attacks, supported by simulations and theory.

Contribution

It introduces a formal framework for modeling and analyzing mass exit attacks on the Lightning Network, revealing its susceptibility to small coalitions under congestion.

Findings

Small coalitions can execute effective mass exit attacks.

Both zombie and double-spend attacks are feasible under realistic conditions.

Scale-free topology influences attack effectiveness.

Abstract

The Lightning Network (LN) has enjoyed rapid growth over recent years, and has become the most popular scaling solution for the Bitcoin blockchain. The security of the LN relies on the ability of the nodes to close a channel by settling their balances, which requires confirming a transaction on the Bitcoin blockchain within a pre-agreed time period. We study the susceptibility of the LN to mass exit attacks in case of high transaction congestion, in the presence of a small coalition of adversarial nodes that forces a large set of honest users to interact with the blockchain. We focus on two types of attacks: (i) The first is a zombie attack, where a set of k nodes become unresponsive with the goal of locking the funds of many channels for a period of time longer than what the LN protocol dictates. (ii) The second is a mass double-spend attack, where a set of k nodes attempt to steal funds by submitting many closing transactions that settle channels using expired protocol states; this causes many honest nodes to have to quickly respond by submitting invalidating transactions. We show via simulations that, under historically plausible congestion conditions, with mild statistical assumptions on channel balances, both attacks can be performed by a very small coalition. To perform our simulations, we formulate the problem of finding a worst-case coalition of k adversarial nodes as a graph cut problem. Our experimental findings are supported by theoretical justifications based on the scale-free topology of the LN.