Nostr Web Client

This morning, my grandma died and I lost ~0.2 bitcoin. I feel devastated and embarrassed.

My grandma was old and lived a good life. She was a follower of Jesus. She was in a lot of pain and I'm glad she found relief. The hard part is watching my family grieve.

With the bitcoin loss, I only have myself to blame. Someone got a hold of my my lightning admin macaroon.

They closed the existing channels and swept the funds to their bitcoin address. I'll list the attacker's addresses below if anyone is interested. Although my systems were meticulously locked down, I wasn't as careful with passing around my admin macaroon between systems / different computers. It shouldn't have been an admin macaroon I was using in the first place -- another reckless mistake. I also didn't have enough monitoring in place. One silver lining is I happened to sweep quite a bit of funds out of my lightning node about a month ago. It would have been closer to 0.4 bitcoin had I not.

I had quite a few services that used the admin macaroon: BTCPay, a cashu mint, my website, etc.

I'm so sorry to anyone who had any amount of bitcoin with my mint. I will try to make amends, just reach out to me.

This is my fault and I only have myself to blame. Not just for my own losses, but for any losses by those who held bitcoin in my mint.

I'm not sure when I'll be ready to spin up my lightning node / cashu mint again.

Reply to this note

Please Login to reply.

Discussion

josh 3d ago

This is the attackers bitcoin address they swept the funds into: bc1qm6egxz2nen2ef0zcdnreer2eju2p3he5jr5xmr

Marc 3d ago

How do you think your macaroon became compromised?

Ray Buni 2d ago

Yes, more info pls

Marc 2d ago

Yeah, is there a security hole we should be aware of or was the macaroon accidentally posted to nostr?

Ray Buni 2d ago

Don’t you need to be inside the network to use the admin macaroon? Unless it was all open to the public

josh 2d ago

This is my main concern right now too. My systems are all locked down with hardware vpns. I think it's unlikely they were able to get into my system in any way. I can only ssh into my K8 nodes and bitcoin node on the network. The services I expose over clearnet are BTCPay, Cashu Mint, and my website that I use to create lightning invoices.

josh 2d ago

I have a network firewall that only exposes these ports:

TCP 9735 (Lightning P2P)

TCP 80/443 (HTTP/HTTPS)

I do not have these ports exposed:

Port 8080 (LND REST) ❌

Port 10009 (LND gRPC) ❌

josh 2d ago

Sorry I'm actively trying to get to the bottom of this. My entire system is behind a vpc only accessible with my hardware vpn. I can't even access the network unless I'm connected to the hardware VPN (SonicWall). Here's what I've managed to put together so far. Still looking for how they were able to get access to my lnd instance.

The attacker:

Had access to the admin macaroon (from the Cashu mint Docker image or K8s)

Swept on-chain funds first (02:52-02:53)

Probed BTCPay unsuccessfully (03:14-03:29)

Closed channels cooperatively (03:34-03:38)

Continued sweeping over 2 days

Jason Ansley | Fractional COO | Leadership Coach 3d ago

Praying for you Josh!

It is great comfort your grandmother is with our Lord!

Celebrate her life brother.

BTheCoin 3d ago

I'm really sorry to hear about your grandma. It's tough to lose someone you love. Your honesty about the bitcoin stuff shows strength, and I’m sure you'll learn from this. Take care of yourself! 💙

Akamaister 2d ago

I also am really sorry about your grandmas passing right after the New Year. My father passed away Sep 29 this past year (2025) after about a year of declining health. Still processing.

Will be praying for you.

Please take care and know the Lord will walk through this with you.

Give yourself time to grieve also

Take care

(Romans 8:38-39j NKJV

„38 For I am persuaded that neither death nor life, nor angels nor principalities nor powers, nor things present nor things to come, 39 nor height nor depth, nor any other created thing, shall be able to separate us from the love of God which is in Christ Jesus our Lord.“

josh 2d ago

Thank you for the kind words.

the axiom 2d ago

you don't have to pay anyone who had funds in your mint, you never promised them anything, it was all recklessness on their part

Jason High 2d ago

I’m sorry for your loss but she is in a better place now living her best life. ✝️

Casey 2d ago

So sorry for your loss