A collection of scripts to steal BTC from Lightning Network enabled custodial services. For educational purposes only! Share your findings only when design flaws are fixed.

Reckless-Satoshi/ln-fee-siphoning

Lightning Network Fee Siphoning Attack

LN-fee-siphoning is a collection of scripts to siphon BTC from Lightning Network enabled custodial services by placing a node in the middle of the payment route, forcing payments to route through it and collecting the fees.

Originally described in 2018 by u/juscamarena (Bitrefill LN presentation) and independently executed at scale by Reckless_Satoshi.

Read the full explanation of how this attack works on LN+, Reddit or Y'alls.

This repository is intended for educational purposes only. It should help any new service onboarding onto the Lightning Network understand what an attacker could do by abusing the withdrawal fee policy.

Please behave nicely. The scripts in this repository do not work anymore, as the services fixed the flaws before publication. Do not open an issue to discuss exploits that might be viable (it will be deleted). You can contact Reckless_Satoshi at reckless.satoshi@protonmail.com.
