lnd backups \ stacker news ~bitcoin

201 sats \ 12 comments \ @ChrisS 18h bitcoin

I'm working on understanding lnd backups better and I have two questions. Is there a way to view the 24 word seed after the first time creating the wallet. And is there a way to delete a wallet state and create a new wallet and/or restore from a backup.

view all related items

100 sats \ 0 replies \ @justin_shocknet 16h

IIRC the seed is only viewable the one time, and the "backups" are encrypted with it, therefore backups are useless without it being recorded separately

I say "backup" because there is no backup in Lightning perse, only the latest state, and the pointers to signal force closes to your peers. Only the latest version of node state is useful, and trying to use an old copy may cause you to lose channel funds due to justice transactions resultant of broadcasting obsolete state

Restoring from backup is meant to get your funds back to you on-chain, you shouldn't re-use a node to create new channels after recovering it: https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md

You can delete the data for lnd by nuking its storage, where that is varies by OS:

; The default location for this file is in ~/.lnd/lnd.conf on POSIX OSes,
; $LOCALAPPDATA/Lnd/lnd.conf on Windows,
; ~/Library/Application Support/Lnd/lnd.conf on Mac OS
; The default location of this file can be overwritten by specifying the
; --configfile= flag when starting lnd.

Once storage is deleted, if you start LND it'll go through the initialize/recovery prompting as if it were new

If you have meaningful funds in a node and need help with recovery the best move is nothing until getting some support, an error can cost you.

0 sats \ 10 replies \ @xz 16h

From my understanding of aezeed seeds and lnd.

Is there a way to view the 24 word seed after the first time creating the wallet.

no. This is due to lnd security best practice.

is there a way to delete a wallet state and create a new wallet

I'm not sure if I understand exactly what you mean but you can obviously delete your wallet and create a new seed and wallet.

restore from a backup.

If you back up the current state of your .lnd directory, it will have all of your lnd data, thus it's a complete backup. So, that's a sure way of backing up. If it's not encrypted with a password, or twenty-fifth word, obviously that could be used be an attacker to run your node with your wallet.

You can also just backup the SCB file (which updates on channel open/closes, so you need to keep the backup up-to-date.) but this only backs up your db state, so, it would not be helpful to recover your wallet (without the seed.)

So, ideally you need to back up your seed. Failing that you can back up your data folder and keep running your node and manage your wallet's utxos, but you wouldn't be able to restore your wallet without the seed, if you lost your data folder backup.

also aezeed seeds are a bit difficult to restore without using lnd. (it's not at all easy to put the seed in another wallet like electrum and use the wallet.) But maybe I'm wrong on that?

21 sats \ 7 replies \ @ChrisS OP 14h

When we use the aezeed and static channel backup to recover, how much trust, if any, is being put in the channel peer? We are at least trusting them to force close the channel, correct? How long should it take from the time we contact our channel peer for the channel to be forced closed and settled on chain?

100 sats \ 0 replies \ @nullcount 11h

the SCB can only recover channels where your peer is online

if you deploy an SCB and a peer is offline, you will have to keep deploying it and hopefully, they'll come back online.

If both nodes are offline then the channel is one of the ~200k zombie channels identified by LND

17 sats \ 5 replies \ @xz 11h

I think the explanation @justin_shocknet wrote has more detail generally and is important to note what he said about the way SCB backup works. It's not really a backup.

In answer to your question about trust.

I think it's not an issue with channel peers. The only issue is mempools. in that if for some reason your closures went through at a low fee (say 1~3 sats/vB) and then mempools spike, well there'd be costs that might make the small channels get much less funds back as a propotion of the channel size. Also, you might be waiting indefinetly. Usually force closures would estimate appropriately, and they will get mined, even in high fees, just could be unlucky if they spiked for a long duration just after force closing. But peers are not really an issue. Funds a re safe.

The scenario in that you might lose a seed phrase might be a problem only if you lost access to your node (corrupted db, SSD or whatever.) You could just have an external wallet in Bitcoin Core or whereever you like and close channels one by one (without force closing) and shift all of your funds to a new wallet by opening channels with a close address for your new wallet. But then again, maybe this is not going to work for force closing. So, bit difficult to say in each scenario.

I meant to say above, if you have the seed, and want to keep using the node, you can just close old channels one by one, and if you wanted to open any new channels, use an expernal wallet (lilke one that is cold storage, hww, or multi-sig) with:

lncli openchannel xxx --local_amt xxx --close_address bc1xxx --sat_per_vbyte x

bos open xxx --amount xxx --coop-close-address bc1xxx

not sure if there's much difference in those two commands.

107 sats \ 3 replies \ @justin_shocknet 11h

It's kind of trusted unless you have recourse, since the SCB basically asks the peer to force close the channel as a signal that you don't have the latest state to do it gracefully yourself.

If they're willing to wager that you completely lost the state, as in don't have a watchtower somewhere, they could broadcast an old state and steal some funds that were sent to your side of the channel. The risk to them is that you might have set a trap, and the latest state in a watchtower somewhere ready to issue a justice tx should they attempt this.

If the peer is altogether unreachable, recovery gets more complicated and involves external chantools that Lightning Labs has available, this too would require the seed phrase.

17 sats \ 0 replies \ @xz 11h

AH yes. I stand corrected. this is true. I forget about this because make a point of checking I have watchtowers.

0 sats \ 1 reply \ @ChrisS OP 10h

Thanks for your help. I was able to test backup with the seed phrase and static channel backup and everything worked as expected. What would the next step be to back up the node in such a way as to not have to trust the peer to not try and steal your funds with an old state and to be able to recover funds if peer is offline? I understand there’s a lot of things that can go wrong if your backup is not completely up to date and your accidentally broadcast an old state. But there must be some way to safely do it.

0 sats \ 0 replies \ @justin_shocknet 9h

A watchtower is basically a second node to deal with some of these issues

https://github.com/lightningnetwork/lnd/blob/master/docs%2Fwatchtower.md

Even if everything goes perfectly in a recovery scenario, closing channels and replacing them can get expensive, so it's best to make sure the node environment is a resilient one so it doesn't come up... I suggest an Nvme with a laptop battery at minimum

0 sats \ 0 replies \ @xz 11h

*edit: I meant, If you want to keep using but DON'T have the seed.. but I guess it's obviously a much safer to have the seed!

0 sats \ 1 reply \ @atitlanio 15h

Correct on the last part re the aezeed. Because it has the start date of the wallet encoded into it, it will not return a valid BTC on-chain wallet. So either you would just reseed an LND wallet with the aezeed backup, which would then presumably let you ask any peers in channels.backup to force close. Then you can retrieve the funds from doing an on chain transaction through ln-cli (lnd-cli?).

In a case where you know all the funds have arrived back on-chain (i.e., all channels have closed and funds confirmed on-chain) and you want to access it using a standard BTC mnemonic (note: bluewallet accepts aezeed words), I believe you can use Iancoleman.io to get the on-chain key from the aezeed. (Remember to follow the security cautions!)

0 sats \ 0 replies \ @xz 11h

Yeah. It took me a while to realize aezeed seeds are not really the same thing at all. Is it even possible to use offline seed tool? I've never heard anyone achieve that.

Sending funds out does seem safer. I'd feel very awkward about using a seed tool like iancoleman to restore any funds.