Two researchers from the University of Illinois, Cosimo Sguanci and Anastasios Sidiropoulos, published a paper finding vulnerabilities in the Lightning Network, explaining the vulnerabilities in the Layer 2 network using the hypothetical case where malicious nodes can collude to attack.
A consortium of only 30 nodes can lock up 31% of the channel’s funds for about 2 months via a bot attack, and can steal over 750 BTC (~$18 million) via a massive double-spend attack.
The researchers said the two attacks exploited congestion on the Bitcoin blockchain to cause damage to the Lightning Network.
A double-spend attack could be the most catastrophic. As the network continues to grow, the severity will only increase, so vulnerabilities need to be dealt with immediately and efficiently.