A collection of scripts to steal BTC from Lightning Network enabled custodial services

Sep 20, 2021 1 min read

Lightning Network Fee Siphoning Attack

LN-fee-siphoning is a collection of scripts to subtract BTC from Lightning Network enabled custodial services by means of placing a node-in-the-middle and forcing routing and fee collection.

Originally described in 2018 by u/juscamarena (Bitrefill LN presentation) and independently executed at scale by Reckless_Satoshi

Read the full explanation on how this attack works in: LN+, Reddit or .

This repository is intended for educational purpose only. It should serve to any new service onboarding in the Lightning Network understand what an attacker could do by abusing the withdrawal fee policy.

Please behave nicely. The scripts in this repository do not work anymore, as the services have fixed the flaws before publication. Do not open an issue to discuss exploits that might be viable (will be deleted). You can contact Reckless_Satoshi at [email protected]

GitHub

Network Scripts

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.