liquiditystr LSP hacked \ stacker news ~lightning

pull down to refresh

liquiditystr LSP hacked njump.me/nevent1qqsy2jxek8dh093v2lqn5un3g5dzvtctjcandm82z9ljd2ds7n9j3acpp4mhxue69uhkummn9ekx7mqzypwe8ymf9knyvku79g55ygmz0g5hue5dk99xy7s4jup8v4dev2nlyddjfrl

555 sats \ 4 comments \ @klk 5h lightning

A vulnerability in the publsp and liquiditystr (#995577) Lightning Service Provider (LSP) liquidity leasing protocols was exploited, allowing attackers to obtain liquidity with initial balance without paying the full amount. Multiple LSPs lost funds in the attack, despite early detection and mitigation efforts.

view all related items

122 sats \ 1 reply \ @ek 5h

post mortem:

0 sats \ 0 replies \ @klk OP 5h

Fuck... That was smart... And kind of basic at the same time.

202 sats \ 0 replies \ @justin_shocknet 5h

Every Lightning service gets hit with a drainage attack eventually, we once had someone exploit internal payments even though external payments had locks/atomic transactions... every Lightning node is a bounty

Even with the atomic solution in place we still run a separate watchdog that tracks LND and DB balances and shuts down on any discrepency

0 sats \ 0 replies \ @hasherstacker 3h

It's very unfortunate. Sorry for the loss.

To be honest, I think that's the part that hurts more than the funds I lost. Others trusted the project enough to give it a try but ultimately got burned by something I built. I'm gutted over the fact that some node runners have lost some of their hard earned sats, and I'm truly very sorry this happened.

Once again, truly sorry.