ATTENTION PLEASE! 🚨 I've been notified of a critical vulnerability in the LNbank plugin! I recommend all instances running LNbank to update immediately to LNbank v1.8.9 to mitigate this critical vulnerability.

Note: This does not affect nostr:npub155m2k8ml8sqn8w4dhh689vdv0t2twa8dgvkpnzfggxf4wfughjsq2cdcvg — you are only affected when running the LNbank plugin. For further assistance, you can get in touch with me on our Mattermost over at https://chat.btcpayserver.org

Discussion

Please update your instances and help spread the word. Update is already out, just go to Manage Plugins and hit Update.

Thanks for the heads up! I really appreciate it.

Please update everyone! In BTCPayserver, go to plug-ins and then click LNbank update button. Then restart BTCPayserver with `systemctl restart btcpayserver` in the `Terminal` app, then press enter.

nostr:note1mlmwnss5wl3nerua5cejtnfftwhpw8u4v0k9mcnek44pttjnwsxsqe5y2w

Big thanks to the nostr:npub155m2k8ml8sqn8w4dhh689vdv0t2twa8dgvkpnzfggxf4wfughjsq2cdcvg team, everyone was helpful and encouraging throughout the day. Helped a lot to manage this! 💚🫂

Thanks for the late 'heads up'. This past Wednesday, 4 BTC were stolen from my LN node because of the LNbank bug. Any chance you can help me in any way? I lost almost all my life savings.

Hello Hugo, I have been thinking a lot about how to properly respond here and express how sorry I am for what happened. I have taken time to condense all my thoughts and just published a recap of what happened with the LNbank vulnerability.

Sorry again for all the problems this has caused you.

https://d11n.net/lnbank-vulnerability-recap

All life savings on a hot wallet? Pretty expensive, but necessary lesson.

I didn't say all. I said almost. But I'm not going to discuss what percentage was stolen in public.

But anyway, THANK YOU very much for your support and empathy!

Also nothing was stolen from a hot wallet! You should learn to read first...

The BTC was stolen from a perfectly secure node and from its LN balance, from active channels, BECAUSE OF A BUG in LNbank!

It's sad you write shit like this to a person that has been in Bitcoin since 2017, knows perfectly well what a hot/cold wallet is and only because I decided to have good will and onboard merchants with a BTCPay server and increased my BTC on the node, got fucked!

I wish you never get hacked and lose a big majority of your BTC because of a bug you don't control! Stay well.

Sorry for your loss, but bitcoins in a lightning node are a hot wallet, because it is connected to the internet.

LNBank should not have allowed the balance on the mother node, and should only have access with limited authority, just like an LNDhub. This is how it should be designed, but due to a bug/mistake it has access to the lightning node with full authority. It is not your fault, Hugo. You have done nothing wrong.

Thank you for your evangelization effort, hope you will not lose enthusiasm.

Don't take it personally when people try to explain what you did wrong and that you do not understand the "hot wallet" term correctly.