reply on: How To Get Robbed 4 BTC And Be Ignored by Anycoin.cz and BTCPay team \ stacker news ~bitcoin

2471 sats \ 8 replies \ @iguano 11 Dec 2023 \ on: How To Get Robbed 4 BTC And Be Ignored by Anycoin.cz and BTCPay team bitcoin

I'm sorry for your lost, I really am.

but I'm not understanding well.

so I have one question... did you put your lifetime savings (4 BTC), into a ultra hot BTCpay server LN wallet?

153 sats \ 7 replies \ @ramosh OP 11 Dec 2023

I guess you didn't read the complete article. I've been running 2 LN nodes for almost 2 years. Gradually I increased the liquidity in the main one to facilitate onboarding of people into Bitcoin. They have been absolutely secure and always running the latest versions. Also liquidity in channels means multisig layer1. I had nothing in the node hot wallet or BTCPay server hot wallet.

Only after I decided to run BTCPay server, which started only 3 months ago, this happened because of a bug in LNbank which allowed hackers to make payments from the node's channels using the Lightning network.

139 sats \ 4 replies \ @vindard 11 Dec 2023

I'm so sorry to hear this, it's tragic when things like this happen with folks that are just trying to help out.

Also liquidity in channels means multisig layer1. I had nothing in the node hot wallet or BTCPay server hot wallet.

Just to clarify one point though for anyone else reading too, funds in lightning channels are absolutely spendable hot funds, and running things like LNBank in BTCPay, or LNBits, or LNDHub, on top of a node gives that software full access to hot funds in the node, or in this case whatever local-balance-liquidity you had on the routing node you connected to BTCPay (why @iguano said "ultra hot").

The fact that a lightning channel is a 2-of-2 multisig is an implementation detail. Channel updates are blindly signed by both channel parties whenever the lightning balance changes when you send or receive.

I'm mentioning this only in case this was the case here and in case anyone else also has a setup with similar assumptions, and I apologize in advance if I misunderstood anything about the details of your specific setup from what I could tell from reading and re-reading your article.

121 sats \ 2 replies \ @ramosh OP 11 Dec 2023

I fully understand that having funds in a LN node is not the same as having a singlesig layer1 wallet. I also appreciate you explaining it clearly in your comment for others to understand. However I want to focus on the really important thing here: I've been running 2 LN nodes for almost 2 years and they were absolutely secure until the point I connected BTCPay server to one of the nodes.

The important point here is: IF I had never installed a buggy platform like BTCPay + LNbank, the 4 BTC would still be there.

50 sats \ 1 reply \ @clownworld 13 Dec 2023

That might not be true. We always have to keep in mind that there could be unknown vulnerabilities in the software we use. Any hot wallet is risky.

30 sats \ 0 replies \ @elysia 13 Dec 2023

Exactly. Sometimes they like to wait until the right time to withdraw your funds. They could have had an exploit in your software long before this happened.

31 sats \ 0 replies \ @iguano 11 Dec 2023

Thanks for clarifying what I wanted to say, my intention is not to argue in this difficult time for @ramosh, my intention was to clarify to the reader that having funds on LN no matter if those are non-custodial are not the safe way to store or savings, our savings should be on a properly setup cold wallet like a hardware wallet.

10 sats \ 1 reply \ @iguano 11 Dec 2023

I understand, I read the whole thing, same as this reply. I hope you recover from this. best of luck.

50 sats \ 0 replies \ @ramosh OP 11 Dec 2023

Thank you, bro!