A new type of vulnerability has been found, affecting the routing nodes, allowing the attacker to steal the amount locked in HTLC you’re forwarding for them. Several scenarios and possible mitigations are suggested in the article.

For more details, see the original paper: https://github.com/ariard/mempool-research/blob/2023-10-replacement-paper/replacement-cycling.pdf

Discussion on stacker.news: https://stacker.news/items/288995