The Lightning Network is a trustless* Layer 2 network for Bitcoin and brings forth many improvements in speed and cost of final settlement. I use an asterisk on trustless because although it is, there are a few caveats to take into consideration so that your funds are safe, aside from normal hot wallet risks. Watchtowers, which we’ll cover today, ensure that your funds are safe from malicious channel closures, which is one of the main risks of running a well-capitalized Lightning node.
Lightning channels are currently constructed through setting up a two-of-two multisig address, in which your funds are locked up with another party. Either party has the secret to revoke the multisig contract and settle up at any time, but only if both nodes are online can it be closed immediately. If your node did go offline, the other party has to either wait for you to come back online or force close the channel. Now, force closing is not always a huge concern, especially if you’re using the Lightning Network with peers that you trust already, but as the Lightning Network grows and its use cases expand, you’ll inevitably start interacting with peers whom you may not know, and so it’s important to learn to defend your node against malicious closures.
If a malicious peer were to close a channel with a false balance state, and you don’t come online to rebroadcast and claim the actual balance within enough time, they can get all of your funds in the channel. Watchtowers protect against this by keeping a running tab of your channel balances and defending against malicious closures. If a bad actor were to close a channel while you have a watchtower active on your Lightning node, they will instantly be penalized through what’s called a justice transaction instead of you, and you will get all of their funds instead of them getting yours.
In this video, we explain how watchtowers work to protect your funds inside Bitcoin Lightning channels and show you how to connect to Voltage.Cloud’s free, LND Tor-based watchtower service.
This significantly reduces the operational risk of running a capitalized Lightning node in my opinion. While it does not necessarily reduce the risk of force closures on a crashed node with static backups and could still be an expensive incident to recover, at least this will protect your funds against malicious channel partners who may try to steal your funds if a hardware failure event were to occur.
Currently Voltage.Cloud runs this service altruistically, too. Pretty sweet, huh?
Thanks for checking out our video. Full steps below.
https://www.youtube.com/watch?v=tmgh18QE4eA
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
1) Here is the code to add to the bottom of lnd.conf file:
[wtclient]
wtclient.active=true
2) Then, after you restart, run from root via SSH:
docker exec -it lnd lncli wtclient add 0301135932e89600b3582513c648d46213dc425c7666e3380faa7dbb51f7e6a3d6@tower4excc3jdaoxcqzbw7gzipoknzqn3dbnw2kfdfhpvvbxagrzmfad.onion:9911
3) Finally, to check the watchtower is active run:
docker exec lnd lncli wtclient towers
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Video Timestamps:
0:00 Intro
0:30 Watchtowers explained
2:27 Downloading PuTTY to access node via command line
3:20 Modifying lnd.conf file via SSH
5:40 Restarting node
6:05 Adding Voltage.Cloud’s Tor Watchtower via SSH
7:05 Verifying the Watchtower was successfully added
7:37 Watchtower privacy
8:22 Outro
This is a guest post by BTCBap. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.