Dark-LN Releases Preimage Stealer \ stacker news ~bitcoin

Dark-LN Releases Preimage Stealer github.com/dark-ln/preimage-stealer

8006 sats \ 24 comments \ @midnight_orange 17 Nov 2022 bitcoin

575 sats \ 4 replies \ @midnight_orange OP 17 Nov 2022

This tool allows you to steal funds from nodes that attempt to pay an invoice a second time after the first succeeds. Soon we will add the wormhole attack in it so that routing nodes can get more money by shortcuting other routing nodes in the middle. You can safely run this and sit back and watch your node get more sats than it was getting before. There's also a mode that doesn't steal in case you want to see if you could have stolen funds.

0 sats \ 3 replies \ @faithandcredit 18 Nov 2022

This tool allows you to steal funds from nodes that attempt to pay an invoice a second time after the first succeeds.

Paying an invoice a second time has to be a mistake most of the time. If thats the case you made a tool to steal sats from people who make this mistake? What im missing

7 sats \ 1 reply \ @0330830bf9 18 Nov 2022

Conceivably, this could be combined with an invoice replay attack in niche situations where the invoice is being presented by a 3rd party, but either the destination is validated, or the skimmer wants to be discrete.

If you're using an LNURL bridge for example, this would be reason to have a short TTL on your invoices.

10 sats \ 0 replies \ @faithandcredit 18 Nov 2022

Thanks for the comment, but im kinda sad that i barely understood what you are saying but i upvoted anyway

0 sats \ 0 replies \ @super_testnet 19 Nov 2022

I've done it when I get a payment that takes too long. I test out new lightning wallets all the time, and not all of them are very reliable. So when I try to pay an invoice, it often gets "stuck" for several minutes trying to pay without either failing or succeeding -- just "pending." When that happens I usually switch to a different wallet and try to pay the same invoice with that one. In other words, without making a mistake, I try to pay the same invoice twice. I did not consider that I can lose sats doing this but now I will take that into consideration.

350 sats \ 1 reply \ @TonyGiorgio 17 Nov 2022

Very cool! Need to add something like this to LNsploit too. If you get any major routing nodes or LSPs to run this in watch mode, I'd be very curious what their results are. I'm not sure how often they'd see the same payment hash again after it was paid.

Also I think PTLCs fix wormhole attacks but haven't heard of it being exploited before so that'll be cool when you add that.

361 sats \ 0 replies \ @benthecarman 17 Nov 2022

Yeah PTLCs fix the wormhole attack: https://suredbits.com/payment-points-part-1/

290 sats \ 2 replies \ @nerd2ninja 17 Nov 2022

Is it fair to interpret this as a hacking tool? I think I initially thought it was to prevent theft, but it looks rather like its enabling theft now that I've given it a second read through?

387 sats \ 1 reply \ @midnight_orange OP 17 Nov 2022

No hacking involved. Lightning payments are locked to a secret (preimage) so if you know the secret then you can get the funds. This tool allows you to redeem payments by checking your storage to see if your nodes know that secret. A few cases like double payments and wormholes exist that this can be leveraged against to unlock funds that nodes normally don't act on.

10 sats \ 0 replies \ @nerd2ninja 17 Nov 2022

Interesting

134 sats \ 1 reply \ @cryptocoin 18 Nov 2022

Is there a known solution that removes this attack vector then?

186 sats \ 0 replies \ @theinstagibbs 18 Nov 2022

IIRC BOLT12 gets rid of this since invoices are directly requested.

PTLCs also fix this.

26 sats \ 6 replies \ @artdesignbySF 17 Nov 2022

Wow wtf.. ok. Kan you explain for idiots like how this works?

141 sats \ 5 replies \ @k00b 17 Nov 2022

ELI5: Carol tells Alice she'll give Alice a picture of a cat, if Alice sends Carol money through Bob. Bob has saved this picture of this cat because Carol showed it to him before, so when Alice pays Bob, Bob shows Alice the picture of a cat (settling the payment) and Bob doesn't have to pass the money along to Carol.

A lightning invoice is a cryptographic hash of a secret (i.e. anyone with the secret knows the hash of the secret, but if you just have the hash you can't determine the secret). A lightning invoice is settled when the payer gets this secret from the payee. In lightning payment route, the hops are like payers chained to together - all waiting to settle the payment with their channel partners (and collect fees) when the payee releases the secret.

If you're an intermediate hop on the route from the payer to the payee and the payee reuses a secret known to you, you can settled funds without routing the payment to the payee, effectively stealing funds.

This tools saves secrets it's seen before, waiting for them to be reused so it can steal funds.

1 sat \ 4 replies \ @2big2fail 18 Nov 2022

how often are payees reusing secrets?

1 sat \ 3 replies \ @k00b 18 Nov 2022

Probably not very often. Only likely if they have buggy code or something afaik

0 sats \ 2 replies \ @cryptocoin 18 Nov 2022

Is this an example where I'm at risk?

Let's say I try to withdraw from SN, and the max fee I entered is tow low, so eventually I get a message saying failed "timed out finding route", and to "try increasing max fee".

If I increase the max fee and try again with the same invoice, is my second attempt vulnerable to this preimage stealer?

25 sats \ 1 reply \ @2big2fail 18 Nov 2022

no i don't believe so as the payment never found a route during the probing process.

if i understand correctly this is related to invoice reuse after a prior successful payment

199 sats \ 0 replies \ @midnight_orange OP 18 Nov 2022

yes the main concern is someone paying an invoice successfully and then someone (maybe same person or other) paying that invoice again from another wallet.

another concern is if a payment looks stuck and making the payment again on another wallet.

if a payment fails and you make the payment again then you are fine.

there's a wormhole attack here too that users dont need to worry about too much it's mostly a router level attack