Important lightning network node was compromised and is shutting down \ stacker news ~bitcoin

Important lightning network node was compromised and is shutting down www.mediumofexchange.info/

601 sats \ 13 comments \ @k00b 3 Jun 2022 bitcoin

117 sats \ 0 replies \ @0260378aef 3 Jun 2022

Honestly this seems like a success story.

He recovered his funds and the attacker failed to steal, despite a successful social engineering campaign. It's true he lost the node of course, but with a sizeable amount on it, the funds are more important.

However vultr (afair one of the cheaper hosting providers) proved themselves incompetent here. A good recommendation to never use them for anything that even slightly matters.

67 sats \ 2 replies \ @handsome_latino 3 Jun 2022

For the record, their node had 3,238,406,111 satoshi:

Or in other words 32 BTC / almost a million USD in today's rate:

https://btc2fiat.me/?q=3238406111+sats

Smart people always tell me they are not into bitcoin because they are afraid of ECDSA, SHA256; a Software Developer friend is even afraid of "primes" (lol).

The truth is that many big, important systems can be easily broken with a few social tricks.

10 sats \ 1 reply \ @glix 4 Jun 2022

Whey do you mean "afraid"?. Afraid to understand and it or the fact that it exists and is being used?

0 sats \ 0 replies \ @handsome_latino 4 Jun 2022

Afraid ECDSA and particularly the curve used is already cracked by the NSA or has backdoors. Afraid that SHA is not mathematically "proven" to be cryptographically safe.

etc. etc. etc. Basically even though they are engineers, little time has been invested to understand the cryptographic functions used so they default to MSM and FUD. I can't say I understand them fully, by no means, but I try to learn a bit more about them every day.

52 sats \ 0 replies \ @maxtrotter 3 Jun 2022

'Not your hardware not your node'

21 sats \ 0 replies \ @uco 3 Jun 2022

The victim has an excellent point: Why didn’t Vultr simply send an email to at least notify the account is being reported as compromised.

Same solution could be used to avoid SIM swaps. Send email/text notifying owner that another party claims to be locked out of account. Give 48 hours to respond.

30 sats \ 0 replies \ @holzapfelbaum 3 Jun 2022

Thanks for this, @k00b! A terrible reminder of just how important it is to remain aware of where and with whom you are storing your Bitcoin/Lightning data.

0 sats \ 2 replies \ @Gar 3 Jun 2022

Couldn't he have disabled username/password login and only accessed via SSH? Doesn't that solve the problem?

100 sats \ 0 replies \ @nkmg1c_ventures 5 Jun 2022

No, the attacker used social engineering (getting info about the guy) to answer security questions from Vultr. This gave him access not to one container / server but to the guy's entire Vultr web-panel. From there you can get into any box, even in emergencies where you've disabled root login etc, there are recovery consoles.

0 sats \ 0 replies \ @itsrealfake 3 Jun 2022

seems that way

0 sats \ 2 replies \ @j24 3 Jun 2022 freebie

What does it mean in this context that "the wallet was locked"? Couldn't the attacker have used the admin.macaroon to transfer funds?