Custodial Lightning Network Service Attack Discovered by LN ‘Newbie’ — Hacker Strikes 6 LN Custodians
On September 18, a Redditor posted to the r/bitcoin forum and explained how he discovered a way to “attack [the] lightning Network’s custodial services.” The Reddit account dubbed “Reckless Satoshi” wanted to figure out...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
On September 18, a Redditor posted to the r/bitcoin forum and explained how he discovered a way to “attack [the] lightning Network’s custodial services.” The Reddit account dubbed “Reckless Satoshi” wanted to figure out if a “discrepancy between real routing fees and service’s transaction fee can be exploited for a profit.” The researcher disclosed that he wanted to see how large the damage could be and said “it is bad.”
6 Lightning Network Custodial Services Attacked, Researcher Discloses Findings to Offenders Prior to Public Disclosure
A Redditor called Reckless Satoshi published a disclosure post on r/bitcoin this past Saturday and disclosed how he had found a vulnerability with routing fees and some of the Lightning Network’s custodial services. The research attack was done in good faith and after it was complete he disclosed the bugs to the offending services before publishing his findings. Reckless Satoshi used the Lightning Network (LN) attack on six different services including Bitfinex, Muun, Okex, Lnmarkets, Southxchange, and Walletofsatoshi.
Reckless Satoshi said the attack was “cheap, but not free,” and a “simple attack.” After depositing funds into the custodial services, Reckless Satoshi used “a node that will be routing the payments between the custodial service and the receiving node.”
“If a positive net return is possible, then it is just a matter of optimizing the size of the fee collected and the transaction speed rate to see how big the damage could be,” Reckless Satoshi added. “It is easy to see how this attack must be feasible on any service with [a] free withdrawal fee.”
Reckless Satoshi also published his attack to the code repository site Github. After explaining how he placed a node in the middle, the researcher added:
This is one of the simplest attacks. In fact, the only LN attack I can think of, but also I am just a newbie in the process of learning. I assume there are people out there much more capable of conducting this research. Who knows, maybe there have been sizable losses in the past that remain undisclosed.
The visitors who read Reckless Satoshi’s forum thread thanked him for conducting the research and disclosing the bugs to specific custodial LN providers. “I’m glad to see that people are not hacking/exploiting the system just for malicious purposes or to make quick profit out of it,” an individual wrote in response to the disclosure. Moreover, a number of Redditors discussing Reckless Satoshi’s findings argued over what they should call the attack.
At the time of writing, the Lightning Network has seen its total value locked (TVL) slide by 9.3% during the last 24 hours. However, since July 20, 2021, the LN TVL jumped over 100% from $56 million that day to today’s (2,600+ BTC) $112 million TVL held in the Lightning Network. Much of the 9.3% TVL slide on LN is due to the recent crypto market rout on Monday morning, September 20, as the crypto economy has slid 9% in value during the last 24 hours.
What do you think about the Lightning Network attack described by the Redditor Reckless Satoshi? Let us know what you think about this subject in the comments section below.
Why this matters
This bitcoin story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on Bitcoin NewsRelated market context
Polymarket Turns On Instant Bitcoin Deposits Via Lightning Network, Powered by Spark
Bitcoin Magazine Polymarket Turns On Instant Bitcoin Deposits Via Lightning Network, Powered by Spark Polymarket, the crypto-nativ...
Bitcoin Suisse Advances Middle East Expansion, Receives Financial Services Permission in Abu Dhabi
Zug, Switzerland, July 7th, 2026, Chainwire. Premium virtual assets pioneer BTCS (Middle East) Ltd. is now fully authorized by the...
Coinbase secures UK investment services license to add derivatives and equities trading
Coinbase secured a UK investment services license to offer derivatives and equities trading in addition to crypto.
Bitcoin Suisse Advances Middle East Expansion, Receives Financial Services Permission in Abu Dhabi
Zug, Switzerland, July 7th, 2026, Chainwire Premium virtual assets pioneer BTCS (Middle East) Ltd. is now fully authorized by the...
Merit Systems marked as ‘Questionable’ on Ethos Network after researcher drained $20K from AI wallet
The incident highlights the critical need for robust security measures and transparent, supportive responses to vulnerability disc...
Polymarket Switches on Instant Bitcoin Lightning Deposits, Cutting 60-Minute Waits to Under a Second
Polymarket, the world’s largest prediction market, has enabled instant bitcoin deposits over the Lightning Network, with new rails...