Our great sponsors
-
ln-fee-siphoning
A collection of scripts to steal BTC from Lightning Network enabled custodial services. Only for educational purpose! Share your findings only when design flaws are fixed.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
In the case depicted in Fig-2, our routing node is directly connected to the custodial service. This is ideal to optimize the attack: the deposits have no cost, HTLCs will settle quickly, and we avoid the limitations set by other routing nodes using CircuitBreaker (payments fail when a few HTLCs are pending). If the attack is successful, having a lot of inbound liquidity from other nodes is key. The channel to the custodial service will quickly become unusable as we have stolen the liquidity to our side. Therefore, you want to desuturate it by circular rebalancing. Once we free up inbound liquidity from the custodial service, the channels to our liquidity providers will be saturated, we can chose to close those and move the profits on-chain or we could loop out (not sure which process is less costly: we are making free BTC, does it even matter?)
I'm sharing code to replicate my findings on GitHub Reckless-Withdrwals. So far, only LNMarkets, I will not share yet Bitfinex and Southxchange as I am not 100% confident that they are exploit proof after their fix.
They have a FOSS recovery utility that lets you grab the money from those multisig addresses in case you "lost" your phone/app. It scans the chain using the public Electrum servers and builds a transaction from those addresses to whatever address you provide. So instead of the unspent amount you get the entire amount. It's not possible to find those on-chain addresses in the app so the whole scheme is quite obscure. And since this issue is fundamental because the approach they chose it can't be fixed. Either you can't recover your money at all (and it contradicts their security model) or you recover more than you should (and it's not your fault of course).