This is just the first alert for those who are wrongfully using the demo server as a production server. Soon we will have more details about this incident, posted by Ben.
TO BE CLEAR, do not freak out:
  • ONLY the demo server was affected, and it is not related to production LNbits code
  • all other LNbits instances that people are running on their own are NOT affected!
  • do not start doing stupid stuff with your existing LNbits instance. Wait for further instructions.
reply
We had a similar exploitation of new features last month with Lightning.Pub; drainage attacks are constantly being attempted on any public-facing Lightning API. This has set us back several months (not to mention runway from what was looted) focusing on additional hardening.
Such attacks usually cost something to attempt (deposit first, then over-withdraw), and so this is yet another reason you should self-host, because obscurity can be a last line of defense.
The higher profile a service is, the more likely it is where new vulns will be found.
reply
A. Avoid LNbits
B. Avoid my advice.
C. Avoid @DarthCoin
Choice is yours...
reply
Says the shitcoiner that doesn't even know what to use.
reply
Do not use lnbits for anything.
reply
Another FUD? Instead of fucking the banksters we are fucking each other now?
This should be an important lesson for you, that with Mutiny you are pushing users to use the default mutinywallet.com domain instead of their own servers...
reply
The irony from a fedicoin scammer
reply
When three letters knock on your door, all custodials will fold...
reply