100 sats \ 1 reply \ @WeAreAllSatoshi 24 Aug
This is a good example of why running a lightning node is nontrivial and carries risk. It’s definitely not set it and forget it. You’ve gotta stay on top of it, monitor for new updates, especially for security issues like this one.
reply
100 sats \ 0 replies \ @sime 24 Aug
I often think about if every home could have Lightning Node.
Things like this worry me.
Although my experience is minimal, I wonder if a regular joe node that only did private channels and not accepting new channels would mitigate this particular threat.
But the remote peer(s) would know about the private channel and could potentially attack joe.
reply
100 sats \ 0 replies \ @sime 24 Aug
There was a rush in April for everyone to update lightning nodes.
https://twitter.com/callebtc/status/1651646721200365589
https://twitter.com/alexbosworth/status/1651795740849741825
Now we know why :)
reply
10 sats \ 4 replies \ @C_Otto 24 Aug
I can't find the fix in lnd's git. Could you point me to it?
reply
10 sats \ 3 replies \ @Bitman 24 Aug
Update from the March version that was mentioned.
reply
0 sats \ 2 replies \ @C_Otto 24 Aug
Which commit?
reply
111 sats \ 1 reply \ @shibe 24 Aug
https://github.com/lightningnetwork/lnd/commit/3f6315242a7ceb160c12f6997f5c020362424877
reply
10 sats \ 0 replies \ @C_Otto 24 Aug
Thank you. Sneaky...
reply