TechFlow reports on February 20 that, according to Protos, a developer named "Calle" discovered a critical security vulnerability in Bitcoin's Lightning Network. Nodes running versions earlier than LND 0.18.5 or LITD 0.14.1 are at risk of fund theft.
The vulnerability could allow hackers to remotely manipulate the payment status of Lightning invoices, potentially leading to unauthorized fund withdrawals. Pavol Rusnak, co-founder of Satoshi Labs, has issued a warning urging users to update their node software immediately.
Notably, although the vulnerability has been patched in LND 0.18.5 and LITD 0.14.1, as the LND 0.18.5 release was only made last week, a significant number of nodes have not yet upgraded and remain exposed to this security threat.




