The Lightning Network is a second layer technology running on top of
Bitcoin and other Blockchains. It is composed of a peer-to-peer
network, used to transfer raw information data. Some of the links in
the peer-to-peer network are identified as payment channels, used to
conduct payments between two Lightning Network clients (i.e., the two
nodes of the channel). Payment channels are created with a fixed
credit amount, the channel capacity. The channel capacity, together
with the IP address of the nodes, is published to allow a routing
algorithm to find an existing path between two nodes that do not have
a direct payment channel. However, to preserve users' privacy, the
precise balance of the pair of nodes of a given channel (i.e. the
bandwidth of the channel in each direction), is kept secret. Since
balances are not announced, second-layer nodes probe routes
iteratively, until they find a successful route to the destination for
the amount required, if any. This feature makes the routing discovery
protocol less efficient but preserves the privacy of channel balances.
In this paper, we present an attack to disclose the balance of a
channel in the Lightning Network. Our attack is based on performing
multiple payments ensuring that none of them is finalized, minimizing
the economical cost of the attack. We present experimental results
that validate our claims, and countermeasures to handle the attack.