0 sats \ 2 replies \ @j24 3 Jun 2022 freebie \ on: Important lightning network node was compromised and is shutting down bitcoin
What does it mean in this context that "the wallet was locked"? Couldn't the attacker have used the admin.macaroon to transfer funds?
All of that might have been encrypted, i.e. locked. Otherwise, I don't know what that means.
reply
From the announcement it seems like the attacker had shell access on the machine. If the LN node was online at the time, the macaroon probably had to be available unencrypted either on disk or in memory.
On the other hand, if the LN node was shut down for some reason, then the keys to open the wallet could have been encrypted. Or if the machine was restarted for any reason, then e.g. disk encryption could have stopped the attacker.
reply