We had a similar exploitation of new features last month with Lightning.Pub; drainage attacks are constantly being attempted on any public-facing Lightning API. This has set us back several months (not to mention runway from what was looted) focusing on additional hardening.
Such attacks usually cost something to attempt (deposit first, then over-withdraw), and so this is yet another reason you should self-host, because obscurity can be a last line of defense.
The higher profile a service is, the more likely it is where new vulns will be found.
This is just the first alert for those who are wrongfully using the demo server as a production server.
Soon we will have more details about this incident, posted by Ben.
TO BE CLEAR, do not freak out:
ONLY the demo server was affected, and it is not related to production LNbits code
all other LNbits instances that people are running on their own are NOT affected!
do not start doing stupid stuff with your existing LNbits instance. Wait for further instructions.
Another FUD?
Instead of fucking the banksters we are fucking each other now?
This should be an important lesson for you, that with Mutiny you are pushing users to use the default mutinywallet.com domain instead of their own servers...
A. Avoid LNbits
B. Avoid my advice.
C. Avoid @DarthCoin
Choice is yours...
Says the shitcoiner that doesn't even know what to use. https://m.stacker.news/28581
Do not use lnbits for anything.
The irony from a fedicoin scammer
When three letters knock on your door, all custodials will fold...