Protect from Bitcoin's Lightning Network Spies

Payments in Lightning do not reflect the Bitcoin blockchain, but even the second layer requires privacy-enhancing strengths.

Surveillance Camera
Protect yourself from Bitcoin's Lightning Network Spies (Pic by Tobias Tullius on Unsplash)

In Short

  • The second-layer network is not fully functional to protect privacy.

  • An attacker will be able to discover channel balances through probing.

"A mass adoption of Taproot would hide every type of Lightning transaction, making it look like any other, which would be a stone in the shoe of surveillance companies." So responded developer Francisco Calderon, also known as Negrunch, on Chainalysis preparing to monitor Bitcoin's second-layer network channels.


Chainalysis reported that, in February next year, Bitcoin's Lightning network would be under the magnifying glass of governments and companies that use Chainalysis' services. The firm will add support for Lightning, and after that, anyone using its platform will be able to track transactions on the network that enables instant micropayments.


Pratima Arora, chief product officer at Chainalysis, said her company "exists to build trust in cryptocurrencies to promote financial freedom with less risk" in terms of regulations.

"Lightning Network solves many of the problems preventing the Bitcoin protocol from being used for micropayments and other types of transactions that increase financial inclusion. By enabling our customers to support Lightning transactions in a compliant manner, we hope to increase the network's popularity and help it scale." Pratima Arora, Chief Product Officer, Chainalysis

What Chainalysis does not expose is how they will track transactions on the Lighting that enables instant off-chain payments. Since the transactions don't get recorded on the Bitcoin ledger, BTC movements on this network are not public as they are outside the Bitcoin mainnet.

Money and governments against privacy

The company tracks the movement of various blockchains, including Bitcoin. They help law enforcement agencies and other bodies keep an eye on the money movements of cryptocurrency users for criminal investigations. They also enable tracking for tax purposes, for example.


Chainalysis, which spends hundreds of millions of dollars on its surveillance of blockchains, has been closely associated with governments over time. And perhaps one of the clearest nods to this has been the addition of former FBI agent Gurvais Grigg as the company's chief technology officer in April this year.

Governments such as the United States have been particularly active in getting their hands on cryptocurrency transactions and going against the crypto privacy sought by users. In fact, in July last year, this media outlet reported the interest of the US tax service, the IRS, in tracking the activity of privacy-focused cryptocurrencies such as Monero or Zcash, in addition to the Lightning network. The latter would now be possible, according to Chainalysis' announcement.



Taproot adoption

For Venezuelan developer Francisco Calderón, there is a need to drive greater adoption of Taproot to protect against surveillance:


"The traditional way Chainalysis proceeds is by monitoring and linking users with Bitcoin transactions. From there, they can scan the blockchain to see the past and future transactions of identified users. If this company has a user identified, it can tell when they have opened a channel [on the Lightning network]. While monitoring what's going on in the channel won't be as simple as checking the blockchain, there is a way to find a balanced channel that is not ours." Francisco Calderón is a developer for Bitcoin's Lightning network.

Calderon refers to the fact that while people see bitcoin's micropayment network as a solution for privacy and security, in reality, an attacker can quickly discover a stranger's channel balances by probing.


Of course, it would be uphill for Chainalysis if it intends to monitor all public channels, which currently number 78,000, and even more so if most of them are private. But even so, the company could quickly know which wallets users are using. And by simply decoding a Lightning invoice, they would obtain information about who is receiving the funds, the destination node, and clues to determine the payment to the destination.

Taproot, a gun loaded but not ready to fire.

Developer Sergi Delgado agrees that the Lightning network is not a privacy layer. He mentions the possibility of using heuristics to extract a hypothesis of the origin and destination of the funds.


On the other hand, channel probing techniques consist of sending payments through LN channels between two nodes controlled by the same person. These payments get discarded once received by the destination. They are used to find the balance of each node in the channel.


Delgado agrees with Calderon about Taproot potentially hindering Chainalysis in its attempts to combat the privacy of Lightning network users. However, he cautions that it would protect "at the level of opening and closing channels, i.e., it would hinder the trace that channels leave in the chain, but not the attacks possible at the second layer."


There must be greater adoption for users to enjoy Taproot's benefits, such as more private, efficient, and less costly transactions. For that to happen, exchanges and other service providers must update their software to make them compatible and allow trading between Bitcoin addresses with Taproot support.


"Users should start pressuring wallet developers to adopt Taproot and start benefiting, among other things, from the privacy improvements we now have thanks to this enhancement." Francisco Calderón, developer for Bitcoin's LN.

Meanwhile, to protect your right to privacy in Lightning, Sergi Delgado recommends "having unadvertised channels because balance probing attacks cannot target them." However, the developer believes that route analysis is more complex. However, he explains that Point Timelock contracts (also known as "point of payment" or PTLC) can contain this type of attack. With these, you can send payments without trusting anyone by adding a random setting not to be discovered which payments belong to the same route.

  • Facebook
  • Instagram
  • TikTok
  • Twitter
  • LinkedIn