ok, so the actual Lightning devs seem to be saying that real-world instances of the exploit have happened, not just a bunch of whiners from competing cryptocurrencies. That's not to say that someone couldn't be deceiving the devs, you have to take these claims on trust, as it'd be simple to falsify any evidence. But I guess that must be the underlying point: some person who the Lightning devs genuinely trust have reported this to them.
Topic: [2019-09-29] A Dangerous Bug in Bitcoin’s Lightning Network Has Been Fixed (Read 359 times)
October 05, 2019, 07:10:55 PM
?
October 05, 2019, 05:15:02 PM
^^^
see what I'm talking about, anyone?
see what I'm talking about, anyone?
October 04, 2019, 09:47:03 PM
@1Referee. Where is the fud? You also agree on the bugs and more hidden bugs. You have also mentioned that there are tradeoffs.
Also, I am wrong about saying the Lightning network is transforming bitcoin from safe to unsafe money. I should have said from safe transactions to unsafe transactions.
Also, I am wrong about saying the Lightning network is transforming bitcoin from safe to unsafe money. I should have said from safe transactions to unsafe transactions.
October 04, 2019, 03:55:17 PM
@1Referee. Unknown bugs and attack vectors are fud? Will it stop to be fud only until someone loses his money because of a bug in the Lightning network?
I never said bugs in Lightning are fud. I don't even rule out that more bugs will be found this year.
The main fud part is where you said that Lightning can quickly transform Bitcoin as secure money into Bitcoin the unsafe money. That's incorrect. It has always been clear to anyone using it that there are certain tradeoffs when using Lightning. If you want to enjoy the uttermost security, then just conduct on-chain transactions.
Nothing will change how on-chain transactions work and no security will be lost due to Lightning. Bitcoin and Lightning are two different transactional foundations.
October 03, 2019, 07:49:08 PM
@1Referee. Unknown bugs and attack vectors are fud? Will it stop to be fud only until someone loses his money because of a bug in the Lightning network?
October 02, 2019, 12:16:02 PM
However, I shake my head on how the Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money.
Do not listen to people who are encouraging everyone to be reckless.
Do not listen to people who are encouraging everyone to be reckless.
Bitcoin transactions might be insecure in the Lightning network because of unknown bugs and attack vectors.
No one agreed because it is an unpopular opinion.
No one agreed because it was pure fud. You can't expect to say something that is factually incorrect without being pointed at that. Please read both opinions of yours above and tell me how fundamentally different both opinions are. It's not an attack on you at all, so please don't see it as such, but there are newbies reading through this forum too, and they might take your initial words for granted. October 02, 2019, 08:37:48 AM
I know I might be wrong sometimes, however, is it not right for someone to criticize, to question and to make skeptical comments in the forum anymore? Is it deserving for someone to be accused of opening a discussion because I only want attention?
The argument does not need to be deciphered. No one agreed because it is an unpopular opinion.
It's not necessarily that your opinion is unpopular, or that you can't question certain things, but the way it was understood by people (due to your wording) is the actual problem. The argument does not need to be deciphered. No one agreed because it is an unpopular opinion.
Bitcoin transactions might be insecure in the Lightning network because of unknown bugs and attack vectors. True or false?
True. If you worded it like that I'm sure your previous statement wouldn't have backfired on you. 
October 02, 2019, 06:51:37 AM
well, they believe it really happened, and that's all we (and they) have: belief
like I said, it's be easy to fake this, so I guess they must trust whoever reported it to them. The data could be totally correct, but the person reporting it could have known about the bug, and stole the money from themself, then presented the thief as a 3rd party when in fact they "stole" their own money.
not seen the details, so I have no info as to how much was lost
like I said, it's be easy to fake this, so I guess they must trust whoever reported it to them. The data could be totally correct, but the person reporting it could have known about the bug, and stole the money from themself, then presented the thief as a 3rd party when in fact they "stole" their own money.
not seen the details, so I have no info as to how much was lost
As I said someplace else. It was known and discussed informally by a small group @ DefCon back in early August.
However since:
(a) I really didn't pay attention to it
(b) everyone I mentioned it to after accused me of FUD
(c) since it was just a bunch of people sitting around drinking & talking at a bar I had no proof said conversation ever happened.
(d) I really didn't understand the attack (did I mention drinking at a bar)
(e) the amount of funds I have on my lighting node won't buy 2 cups of coffee so even if all the of lightning network crashed it and I lost all of it, it would be a zero event for me at the end of the day.
I didn't follow up on it.
So there was more then 1 person who knew about it so it's a safe bet someone did something. That's just human nature.
As to how much. I doubt it was that much or there would be discussions about it. But that's just my opinion.
-Dave
October 02, 2019, 06:35:12 AM
well, they believe it really happened, and that's all we (and they) have: belief
like I said, it's be easy to fake this, so I guess they must trust whoever reported it to them. The data could be totally correct, but the person reporting it could have known about the bug, and stole the money from themself, then presented the thief as a 3rd party when in fact they "stole" their own money.
not seen the details, so I have no info as to how much was lost
like I said, it's be easy to fake this, so I guess they must trust whoever reported it to them. The data could be totally correct, but the person reporting it could have known about the bug, and stole the money from themself, then presented the thief as a 3rd party when in fact they "stole" their own money.
not seen the details, so I have no info as to how much was lost
October 02, 2019, 06:32:14 AM
ok, so the actual Lightning devs seem to be saying that real-world instances of the exploit have happened, not just a bunch of whiners from competing cryptocurrencies. That's not to say that someone couldn't be deceiving the devs, you have to take these claims on trust, as it'd be simple to falsify any evidence. But I guess that must be the underlying point: some person who the Lightning devs genuinely trust have reported this to them.
Is there any indication of how much has been stolen according to those making the claims? Tbh, I wouldn't expect the devs to come up with such statements if they haven't been given the data to review what actually has happened. If they did anyway, then that's a very poor show from the devs because it's more fuel to those looking to leverage it against Bitcoin.
October 02, 2019, 05:10:53 AM
ok, so the actual Lightning devs seem to be saying that real-world instances of the exploit have happened, not just a bunch of whiners from competing cryptocurrencies. That's not to say that someone couldn't be deceiving the devs, you have to take these claims on trust, as it'd be simple to falsify any evidence. But I guess that must be the underlying point: some person who the Lightning devs genuinely trust have reported this to them.
October 02, 2019, 02:54:50 AM
There are a lot of people who are rooting for Bitcoin to fail, and I wouldn't put it past them to lie about losing money.
I expected Roger to be super loud about it everywhere on social media, but it seems that it has gone past him, or he has paid sockpuppets to do the work for him now he has to maintain a more serious image as head of an exchange.
There were plenty of threads about it in r/btc the past few days, and the Bitcoin.com article reporting it actually claims that the bug was exploited at least once, but without evidence:
Quote from: https://news.bitcoin.com/hidden-lightning-network-bug-allowed-spending-of-fake-bitcoins/
...although conclusive evidence did show that at least one exploitation of the bug did occur “in the wild” on September 7.
So yeah, they probably did try to make it a bigger deal than it is.
October 02, 2019, 12:34:54 AM
I'd love for these guys to show proof they lost money to attackers. Far as I know, the only ones who've accidentally lost it is when they didn't update book balances and this was even last year.
IT was a theoretical risk yes, and it's great the bug was fixed, but hey, the whole reason it's still in testing and not yet recommended to the masses simply is that they expect many bugs to be found.
This isn't turning secure money to unsafe money.
IT was a theoretical risk yes, and it's great the bug was fixed, but hey, the whole reason it's still in testing and not yet recommended to the masses simply is that they expect many bugs to be found.
This isn't turning secure money to unsafe money.
October 02, 2019, 12:27:29 AM
Security issues are not that uncommon with cryptocurrencies. Fortunately in this case, it was fixed in relatively quick time. Lightning Network, ever since its implementation in 2018 played a huge role in reducing the transaction fees and speeding up the confirmations. And as far as I know, till now no one has ever blamed it for any of the major exchange hacks or any other robberies. Despite its status as a relatively new innovation, additional features such as watchtower has worked towards gaining the trust of cryptocurrency users.
Like it or not, Lightning is here to stay. A few minor bugs needs to be fixed, and that will be done in quick time.
Like it or not, Lightning is here to stay. A few minor bugs needs to be fixed, and that will be done in quick time.
October 01, 2019, 09:18:43 PM
@BitHodler. I am skeptical. They might be fake.
I'm obviously skeptical too, but we can't rule out any of these claims either. I'm trying to find the conversation on Twitter where I read the complaints but without success. My browser deletes history upon exit. I'll keep searching.Maybe that Carlton Banks can hop in to shed light on this matter as he is much closer to the workings and progress on the side of the developers, but I'm not sure if he's going to do so because it might feed the skeptics and haters.
In any case, I did not intend for this to irritate some people when I said Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money. But it did in a way, however.
It's important to choose your words wisely, because there is no other way to decipher what you wrote. Not the first time though.... I know I might be wrong sometimes, however, is it not right for someone to criticize, to question and to make skeptical comments in the forum anymore? Is it deserving for someone to be accused of opening a discussion because I only want attention?
The argument does not need to be deciphered. No one agreed because it is an unpopular opinion. Bitcoin transactions might be insecure in the Lightning network because of unknown bugs and attack vectors. True or false?
October 01, 2019, 06:37:11 PM
That is not actually scared problem, and do not scared upurself about the issue is part of the networking system to encounter mnimal problem. And do not listen to the people blaming crypto or bitcoin as also a dangerous investment.
October 01, 2019, 04:31:09 PM
There are a lot of people who are rooting for Bitcoin to fail, and I wouldn't put it past them to lie about losing money.
I expected Roger to be super loud about it everywhere on social media, but it seems that it has gone past him, or he has paid sockpuppets to do the work for him now he has to maintain a more serious image as head of an exchange.
Either way, it seems that everything we see news outlets report about nowadays has some fundamental agenda behind it, either to discredit Bitcoin, or to get the price to tank. The crap that's been written about hashrate drops and burned mining farm is an example of that. There is no shortage of ignorant people in crypto so these news outlets will keep spewing fud.
October 01, 2019, 03:09:50 PM
@BitHodler. I am skeptical. They might be fake.
I'm obviously skeptical too, but we can't rule out any of these claims either. I'm trying to find the conversation on Twitter where I read the complaints but without success. My browser deletes history upon exit. I'll keep searching.Maybe that Carlton Banks can hop in to shed light on this matter as he is much closer to the workings and progress on the side of the developers, but I'm not sure if he's going to do so because it might feed the skeptics and haters.
In any case, I did not intend for this to irritate some people when I said Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money. But it did in a way, however.
It's important to choose your words wisely, because there is no other way to decipher what you wrote. Not the first time though.... October 01, 2019, 12:50:08 AM
Well, could it be that they delayed telling the public until they fixed the bug. 
How helpful would it have been to tell everyone and expose them to the exploit and only then start working on the solution. 
How helpful would it have been to tell everyone and expose them to the exploit and only then start working on the solution. Yep, it seems to have been patched relatively quickly, and they held out the public announcement to give people time to upgrade to newer versions.
He didn't say that nothing has happened. In fact, there have been reports of losses that I read about on Twitter. It's probably so deeply buried that crypto news outlets are too stupid to find them.
There doesn't seem to be verified losses. There are a lot of people who are rooting for Bitcoin to fail, and I wouldn't put it past them to lie about losing money.
I already know their headlines.... LN is not secure and therefore Bitcoin isn't secure either. I'm sure they will exaggerate by a factor ten just to make people click on their articles and generate a few pennies.
Suprisingly, that doesn't seem to be the case. Headlines in Google only talk about the vulnerability itself. Bugs are expected out of any beta software, so detractors (same people who wouldn't want to touch it in the first place lol) are really the only ones making a big deal out of this.
September 30, 2019, 07:45:10 PM
@BitHodler. I am skeptical. They might be fake.
If you're connecting to peers running old versions of lnd, then yes.
I suppose there would be nasty sounding headlines for a few days and then everyone would move on? People working on Lightning have repeated ad nauseam, "don't put funds on LN that you can't afford to lose."
Now there is a pull request to the specification to add the requirement. Bottom line, we'll have a more robust specification now. This is what beta testing is all about.
The old versions required verification of the amount of funding transactions? I assumed the old version did not and the new version did.
In any case, I did not intend for this to irritate some people when I said Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money. But it did in a way, however.
In any case, are the receivers of channels not required to verify the amount of the funding transactions?
If you're connecting to peers running old versions of lnd, then yes.
Agreed because nothing happened. However, there was a dangerous bug that would have been exploited. What would the news be if someone exploited the bug?
I suppose there would be nasty sounding headlines for a few days and then everyone would move on? People working on Lightning have repeated ad nauseam, "don't put funds on LN that you can't afford to lose."
Now there is a pull request to the specification to add the requirement. Bottom line, we'll have a more robust specification now. This is what beta testing is all about.
The old versions required verification of the amount of funding transactions? I assumed the old version did not and the new version did.
In any case, I did not intend for this to irritate some people when I said Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money. But it did in a way, however.
Jump to: