This is a good example of why running a lightning node is nontrivial and carries risk. It’s definitely not set it and forget it. You’ve gotta stay on top of it, monitor for new updates, especially for security issues like this one.
I often think about if every home could have Lightning Node.
Things like this worry me.
Although my experience is minimal, I wonder if a regular joe node that only did private channels and not accepting new channels would mitigate this particular threat.
But the remote peer(s) would know about the private channel and could potentially attack joe.
This is a good example of why running a lightning node is nontrivial and carries risk. It’s definitely not set it and forget it. You’ve gotta stay on top of it, monitor for new updates, especially for security issues like this one.
I often think about if every home could have Lightning Node.
Things like this worry me.
Although my experience is minimal, I wonder if a regular joe node that only did private channels and not accepting new channels would mitigate this particular threat.
But the remote peer(s) would know about the private channel and could potentially attack joe.
There was a rush in April for everyone to update lightning nodes.
https://twitter.com/callebtc/status/1651646721200365589
https://twitter.com/alexbosworth/status/1651795740849741825
Now we know why :)
I can't find the fix in lnd's git. Could you point me to it?
Update from the March version that was mentioned.
Which commit?
https://github.com/lightningnetwork/lnd/commit/3f6315242a7ceb160c12f6997f5c020362424877
Thank you. Sneaky...