## Cryptology ePrint Archive: Report 2020/456

Bank run Payment Channel Networks

Zhichun Lu and Runchao Han and Jiangshan Yu

Abstract: Payment Channel Networks (PCNs) have been a promising approach to scale blockchains. However, PCNs lack liquidity, as large-amount or multi-hop payments may fail. Payment griefing is one of the identified attacks on PCNs’ liquidity, where the payee withholds the preimage in Hash Time Locked Contract. Before this payment expires, coins involved in this payment cannot be used in other payments. We introduce Bankrun attack, which exploits payment griefing to bank run PCNs. Bankrun in finance means numerous clients withdraw their money from a bank, which makes the bank insolvent and even bankrupted. In our Bankrun attack, the attacker generates sybil nodes, establishes channels with hubs in the network, makes payments between his nodes and griefs them simultaneously. If the adversary has sufficient coins, he can lock a high percentage of coins in the PCN, so that the PCN may no longer handle normal payments. We introduce a framework for launching Bankrun attacks, and develop three strategies with a focus on minimising the cost, draining important channels, and locking most amount of coins, respectively. We evaluate the effectiveness of Bankrun attacks on Bitcoin’s Lightning Network, the first and most well-known PCN. Our evaluation results show that, using channels with 1.5% richest nodes, the attacker can lock 83% of the capacity in the entire network. With connections to these nodes, an adversary with 13% ($\sim$77 BTC) of coins in the network can lock up to 45% ($\sim$267 BTC) of coins in the entire network until time out (e.g. for an entire day); reduces the success rate of payments by 23.8%$\sim$62.7%; increases fee of payments by 3.5%$\sim$14.0%; and increases average attempts of payments by 26.4%$\sim$113.7%, where payments range from 100,000 to 1,900,000 satoshi (7$\sim$135 USD).

Category / Keywords: cryptographic protocols / blockchain, payment channel networks, griefing, bankrun

Date: received 19 Apr 2020, last revised 22 Apr 2020

Contact author: luzhic01 at gmail com,runchao han@monash edu,jiangshan yu@monash edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/456

[ Cryptology ePrint archive ]