57 sats \ 0 replies \ @DarthCoin 28 Apr
This is just the first alert for those that wrongful are using the demo server as production server.
Soon we will have more details about this incident, posted by Ben.
TO BE CLEAR, do not freak out:
- it was affected ONLY the demo server and is not related with production LNbits code
- all other LNbits instances that people are running by their own, are NOT affected !
- do not start doing stupid stuff with your existing LNbits instance. Wait for further instructions.
reply
100 sats \ 0 replies \ @justin_shocknet 28 Apr
We had a similar exploitation of new features last month with Lightning.Pub, drainage attacks are constantly being attempted on any public facing Lightning API. This has set us back several months (not to mention runway from what was looted) focusing on additional hardening.
Such attacks usually cost something to attempt (deposit first then over-withdraw), and so this is yet another reason you should to self-host because obscurity can be a last line of defense.
The higher profile a service is, the more likely it is where new vulns will be found.
reply
21 sats \ 1 reply \ @Coinsreporter 28 Apr
A. Avoid LNbits
B. Avoid my advice.
C. Avoid @DarthCoin
Choice is yours...
reply
30 sats \ 0 replies \ @DarthCoin 28 Apr
Says the shitcoiner that don't even know what should use.
reply
0 sats \ 3 replies \ @TonyGiorgio 28 Apr
Do not use lnbits for anything.
reply
17 sats \ 1 reply \ @DarthCoin 28 Apr
another FUD?
Instead of fucking the banksters we are fucking each others now?
This should be an important lesson for you, that with Mutiny you are pushing users to use the default mutinywallet.com domain instead their own servers...
reply
31 sats \ 0 replies \ @justin_shocknet 28 Apr
The irony from a fedicoin scammer
reply
0 sats \ 0 replies \ @nout 28 Apr
When three letters knock on your door, all custodials will fold...
reply