New form of 51% attack via lightning's revocation system possible?

The attacker needs to be a large 51% miner with many channels share-owned by them and large capacities in each channel. However, individual nodes can protect against these attacks by contributing hashpower to a decentralized mining aggregator, disallowing more than n channels with a single node, insisting on a blocksize limit and limiting capacities per channel.The block size limit and the channel capacity limit are vital protections against this attack. An attacker can run many nodes to bypass protection #2.1, but each node at least consumes some resource that could have been used for hashing. In addition, if one side refuses to make larger than a certain capacity, the channel cannot be established. The number of channels that can be stolen in a single block is bounded by the blocksize.If we impose a limit of 167.77216mBTC per channel, we need six channels to steal 1BTC. To steal 1M BTC, six million channels would be required, which cannot fit in a block. About 2000 transactions can fit in a block so that is 2000 channels closed per block. Thus, closing 6 million channels requires secretly mining 3000 blocks, which takes about 20 days. Note that this only closes the channels; the commitment transactions must also be claimed, requiring another 3000 blocks (an additional 20 or so days).The revocation system in its current form allows for a new form of a 51% attack, which seems to be way more harmful than a successful 51% attack on the bitcoin network. An attacker could steal up to 99% of all the bitcoins allocated in the sum of all payment channels the attacker was connected to. The attack would be interesting in particular for the power nodes created by the Barabasi-Albert model of lnd's autopilot. There is currently no (reasonable) way of preventing this form of a 51% attack other than creating payment channels that do not offer the possibility of revocation, as it abuses exactly the core idea of lightning to do something in secret without broadcasting it.In this email exchange, Christian Decker and René Pickhardt discuss the potential for a 51% attack in Lightning Network. Christian argues that such an attack would be deadly to all blockchains and that Lightning participants should not be able to own more than 2 or 3 times the amount of BTC they have in payment channels.René presents an attack scenario where an attacker with 51% hash power, who already has a lot of bitcoins and well known to honest nodes in the network, can open several lightning channels and accept incoming payment channels. The attacker secretly starts mining on her own and spends fraudulent (old) commitment transactions, which she could do as the output return funds are delayed for to_self_delay blocks, giving her enough time to mine the blocks. As soon as the attacker has mined enough blocks that the commitment transactions cannot be revoked, she broadcasts her secretly mined blockchain, stealing up to 99% of all the bitcoins allocated in the sum of all payment channels the attacker was connected to. René notes that this attack is more problematic and makes it way more interesting for a dishonest fraudulent person/group than a classical double spend attack.The Lightning Network has been identified as vulnerable to a 51% hashing attack that could potentially steal more Bitcoin than double spending. This attack would involve the attacker setting up a channel with an entity that is funding it with 100% on their side, then routing 5 BTC from another channel through the second and saving the state that they own all 5 BTC in the victim channel. The attacker would then route 5 BTC through the first channel, causing their balance to return to 10 BTC while the victim's 5 BTC is still held by the attacker. The attacker would then use 51% hashing power to mine a secret chain that uses the saved state to close the victim channel and claim the funds. In this way, the attacker can collect old states worth many multiples of up to 10 BTC and mine them at once. This attack vector only allows a 51% miner to steal funds from channels they participate in, so creating channels with identifiable entities with whom you have an existing relationship is a defense against this attack. The attack also becomes less likely if hash rate is very decentralized.A Lightning developer, Rene Pickhardt, has raised concerns regarding a new form of 51% attack that could be more harmful than a successful 51% attack on Bitcoin. The new attack is made possible due to the revocation system in its current form allowing an attacker to steal an arbitrary amount of funds as long as they have enough payment channels with enough balance open. If a 51% attacker secretly mines enough blocks after fraudulently spending old