Olaoluva Osuntokun, Technical Director of Lightning Labs and ACINQ, confirmed the cases of practical exploitation of the vulnerability in the Lightning Network protocol, the existence of which became known at the end of August.

In a report on the Linux Foundation portal, Osuntokun noted that cases of exploitation of the vulnerability in the Common Vulnerabilities and Exposures database were indeed recorded, and again reminded of the need to update clients to the current version.

The same reminder was made by representatives of Lightning Labs. The following releases are considered vulnerable:

LND version 0.7 and below;
c-lightning version 0.7 and below;
eclair version 0.3 and below.

At the same time, representatives of the BTCPay Server processing service noted that the client version 1.0.3.128 and older is not vulnerable, since some time ago support for LND 0.7.1 and c-lightning 0.7.2 was implemented.

BTCPay Server instances running v1.0.3.128 and up, are not vulnerable as we bumped both LND (0.7.1) and c-lightning (v0.7.2) a while ago.

If you're using Lightning and running an outdated versions, update your instance from Server Settings> Maintenance> Update. https://t.co/H3YkswEq8Z

– BTCPay Server (@BtcpayServer) September 10, 2019

The developers of Lightning Labs also noted that it was not in vain that they set limits on the amounts that can be paid into payment channels.

“There will be bugs. Do not deposit more than the amount you are willing to lose on the Lightning Network. ”

This is also a great time to remind folks that we have limits in place to mitigate widespread funds loss at this early stage. There will be bugs.

Don't put more money on Lightning than you're willing to lose!

– Lightning Labs⚡️ (@lightning) September 10, 2019

Recall, initially about the vulnerability, which can lead to loss of funds, said Blockstream developer Rusty Russell. Representatives of these projects urgently released updates to their software, urging all users to install them.

Follow BlockchainJournal on Twitter !