Every lightning node on the network is a hot wallet. There's never been an instance where lightning was "hacked".
Discussion
Risk is an exposure and management process. Supply chain attacks or zero days are possible and not of zero risk.
Active/dynamic systems (multiple lightning implementations and lightning channels) are generally at much greater risk than passive (btc cold wallet address). The overall risk may still be low - while the relative risk is quite different.
Side attacks are also very possible - like requesting a refund via a path hint with a high fee node the attacker controls. Unless you mitigate against something like this, naive implementations are vulnerable.
Same goes for Umbrel. LND may be safe, while an app update or new app could escape docker and do bad things.
It’s a matter of when, not if. Yet it’s all a risk management process at the core.
Thought you were going back to Twitter mate?
Me? I’ve been largely taking a break from tech and dev the past bit. I really don’t do social networks.. killed Facebook and Twitter a decade ago and now only have a zero follower private Twitter to get some content that’s yet to cross borders.
Some social keeps you connected. The rest rots the brain.