🚨 PSA: Be sure to update your LND instance to the latest version, especially if you are using it with Lightning Terminal.
https://www.nobsbitcoin.com/lnd-v0-18-5-beta/
Discussion
Are there any real world instances of something like this happening? I just keep seeing the same tweet screenshots circling around with no examples
Great question. Also, what’s the actual exploit? There’s no mention of the exploit patch in the release notes of 0.18.5 either.
Sorry. “A critical bug related to erroneous invoice state transitions.”
The only think I’ve heard on message boards is “you can't be affected by this bug unless you receive LN payments in a manner where doublechecking their settlement is impractical (ie if you run LN pos at bar etc)”
So from what i understand is that payments could be sent to a node, but never settle; i suppose.
I remember nostr:nprofile1qqsfy7f8d0lms08wxw2xu4jvxcq2x2zqy6dgypksrh05p3jr9w4qhjcpr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9uq3zamnwvaz7tmwdaehgu3wwa5kuef0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcgnazkh, nostr:nprofile1qqst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fspzemhxue69uhhyetvv9ujucm0d9hx7uewd9hj75a0pev and Predyx getting hacked and having funds drained, i don't know if those instances had anything to do with this tho.
You do you. I'd trust Stick on that one instead of gambling with the funds on the node.
Big security incidents come with post mortems where full disclosure is provided but this usually has to wait until all had a good chance to secure their systems.
