Every Lightning service gets hit with a drainage attack eventually, we once had someone exploit internal payments even though external payments had locks/atomic transactions... every Lightning node is a bounty

Even with the atomic solution in place we still run a separate watchdog that tracks LND and DB balances and shuts down on any discrepency

justin_shocknet

Fuck... That was smart... And kind of basic at the same time.

post mortem:

https://njump.me/nevent1qqsgtjfmhp4d0qz2efau8guv2c4p5cpsh3hzjgrzq3f55njgmju8lhcq6dkhv

It's very unfortunate. Sorry for the loss.
> To be honest, I think that's the part that hurts more than the funds I lost. Others trusted the project enough to give it a try but ultimately got burned by something I built. I'm gutted over the fact that some node runners have lost some of their hard earned sats, and I'm truly very sorry this happened.

Once again, truly sorry. 

hasherstacker

A vulnerability in the publsp and liquiditystr (

) Lightning Service Provider (LSP) liquidity leasing protocols was exploited, allowing attackers to obtain liquidity with initial balance without paying the full amount. Multiple LSPs lost funds in the attack, despite early detection and mitigation efforts.

lightning

A vulnerability in the publsp and liquiditystr (https://stacker.news/items/995577) Lightning Service Provider (LSP) liquidity leasing protocols was exploited, allowing attackers to obtain liquidity with initial balance without paying the full amount. Multiple LSPs lost funds in the attack, despite early detection and mitigation efforts.