Upgrade advised to avoid loss of funds
Olaoluwa Osuntokun, CTO at LN-focused startups Lightning Labs and ACINQ, revealed the news in a brief statement on the Linux Foundation’s domain on Sept. 10, claiming that there are confirmed instances of the Common Vulnerabilities and Exposures (CVE) issue “being exploited in the wild.”
The vulnerability was first reported on Aug. 30 by LN coder Rusty Russell. At the time, the Australian software programmer warned of security issues in a number of Lightning projects that could cause loss of funds, urging LN node operators to update their software as soon as possible.
Three pieces of software affected
Now that exploitation of the CVE has been confirmed, Osuntokun strongly advised users to update their LN versions to avoid the risk of losing funds. The affected versions include LND nodes version 0.7 and below, c-lightning nodes version 0.7 and below, and eclair nodes version 0.3 and below, the post noted.
Following the new warning, Lightning Labs tweeted, advising LN users to remain cautious:
“This is also a great time to remind folks that we have limits in place to mitigate widespread funds loss at this early stage. There will be bugs. Don't put more money on Lightning than you're willing to lose!”
In mid-August, cryptocurrency consulting firm Lunar Digital Assets warned that private transactions of PIVX cryptocurrency and over 200 other blockchains are vulnerable to attackers obtaining disproportionately high staking rewards.