Following the widespread uproar over Bitcoin (BTC) wallets bending to the “travel rule” to comply with Swiss and Dutch regulations, a developer warned that something similar could be brewing on the Lightning Network (LN).
In a Linux Foundation blog post, developer Armdxxi said that when a Lightning node generates an invoice in BOLT11 format, the invoice includes a description of the payment purpose and is signed by the issuing node. Validating the signature verifies that the invoice comes from a specific node and that it has not been changed.
But here is the catch. This description can be “exploited” by “bad actors” within the regulated domain, and unaware users accept it without knowing its repercussions.
The BOLT11 invoice is the most widely used mechanism in Bitcoin’s second-layer solution. With it, the recipient of the money generates a QR code containing the payment invoice and can add a description, and that description is the problem in this case.
How does it work?
There are ways in which a process similar to AOPP can be created through LN. Under AOPP, Bitcoin wallet users have to sign a message from an address to prove it is theirs when withdrawing more than $1,000 from centralized cryptocurrency exchanges.
Know Your Customer (KYC) verification of a node is one such process. Here, a “specialized invoice” can be created to check those points.
That “invoice”, in BOLT11 format, must have personal information filled in in its description and is then handed over to the service. The tricky part is that this information can be stored and shared in the user database. The same goes for the contract, whose information may end up in the hands of regulators and governments.
For Armdxxi, this is more than enough reason to recommend that developers of Lightning Network-compatible wallets eliminate the possibility for users to sign ads with their own nodes.
“As with the widespread removal of AOPP from hardware/software wallets, exchanges could stop expecting users to be able to easily hand this information over,” the developer said.
Payment reason, the other way
The second way a travel rule can be facilitated on the Lightning Network is by pooling the payment reasons included in transactions under the BOLT11 format. Here the key role is played by the recipient of the money.
Although in theory only the payer and beneficiary know the reason for the payment, “custodians” of funds can see and store this information.
For this reason, the developer warns, if exchanges share invoices with blockchain analytics firms such as Chainalysis or Messari, “it could be quite revealing,” because those firms could learn, for example, the name of the internal user who pays, the Lightning node receiving the payment, the total amount, and a description.
This broadly collected information allows risk scores to be plotted across the network. These degrees of risk will lead to control issues. In addition, they can share suspicious node owners and their known transactions with malicious parties.
Armdxxi, developer of the Lightning Network.
For the specialist, this can be addressed by clearly informing users that third parties may be able to check the information they enter in invoices. Ideally, however, wallet developers would remove descriptions completely, he suggested.
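The description travels inside the invoice in readable form, so any party that handles the invoice can decode it. The Python sketch below is an added example, not code from the article or from Armdxxi: it extracts the BOLT11 `d` (description) field and applies a hypothetical heuristic, `looks_personal`, that a wallet could use to warn a user before an invoice is handed over. It assumes a well-formed invoice, does not verify the bech32 checksum or the signature, and builds its own constructed sample invoice.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet used by BOLT11
TAG_D = 13                                   # tagged field 'd': payment description
TS, SIG, CHK = 7, 104, 6                     # 5-bit groups: timestamp, signature, checksum

def to_bytes(groups):
    """Repack 5-bit groups into bytes, dropping trailing pad bits."""
    acc = bits = 0
    out = bytearray()
    for g in groups:
        acc, bits = (acc << 5) | g, bits + 5
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    return bytes(out)

def to_groups(data):  # pack bytes into 5-bit groups, zero-padding the last group
    bitstr = "".join(f"{b:08b}" for b in data)
    bitstr += "0" * (-len(bitstr) % 5)
    return [int(bitstr[i:i + 5], 2) for i in range(0, len(bitstr), 5)]

def tagged_fields(invoice):
    """Yield (tag, data_groups); checksum and signature are NOT verified here."""
    _hrp, _, data = invoice.lower().rpartition("1")  # last '1' separates the prefix
    groups = [CHARSET.index(c) for c in data]
    body = groups[TS:len(groups) - SIG - CHK]
    i = 0
    while i + 3 <= len(body):
        tag, length = body[i], (body[i + 1] << 5) | body[i + 2]
        yield tag, body[i + 3:i + 3 + length]
        i += 3 + length

def description(invoice):
    """Return the plaintext description any handler of the invoice can read."""
    for tag, data in tagged_fields(invoice):
        if tag == TAG_D:
            return to_bytes(data).decode("utf-8", "replace")
    return None

def looks_personal(text):
    """Hypothetical wallet-side heuristic: e-mail address or a long digit run."""
    return bool(re.search(r"[\w.+-]+@[\w-]+\.\w+|\d{6,}", text or ""))

def build_sample(desc):
    """Constructed invoice: zero timestamp, zero signature, dummy checksum."""
    d = to_groups(desc.encode())
    groups = [0] * TS + [TAG_D, len(d) >> 5, len(d) & 31] + d + [0] * (SIG + CHK)
    return "lnbc1" + "".join(CHARSET[g] for g in groups)
```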
Bending to the travel rule
This potential breach of privacy in the Bitcoin Lightning Network came to light after the case of cryptocurrency wallets that decided to comply with the recommendation of the international Financial Action Task Force (FATF) in order to operate in Switzerland and the Netherlands became widely known.
As CriptoNoticias reported a few days ago, companies like Trezor, BitBox, and BlueWallet have integrated a protocol into their products that automatically sends proof of the personal wallet to the exchange.
Although Trezor backtracked the next day and abandoned the questioned protocol integration (perhaps motivated by the harsh disapproval of the Bitcoin community), other companies that compete with it are standing by the decision.
Thus, given the impact and growth of the Bitcoin Lightning Network, the developer’s contribution is significant, aiming to ensure privacy above all else.
There is currently enough exploitation with BOLT11 billing that we should be concerned about it. My recommendation is to eliminate the possibility of users shooting themselves in the foot. This can happen today at the application layer by stripping portfolio descriptions. The lack of description support will help hamper the ability of mass monitoring in the Lightning space.
Armdxxi, developer of the Lightning Network.