I am curious, how do you measure the security of your node? You explicitly say, "my node was running for 2 years and was absolutely secure. Then I installed X and bad things happened." I am sorry, but this means nothing. The vulnerability is the human factor here... All systems are secure until they aren't. Look, e.g., at ACINQ and how they try to secure their nodes with ledgers. Hard work.
Anyway, with respect to your loss, I believe that the more interesting thing here now is the vulnerability itself. I've looked at the source code (https://github.com/dennisreimann/btcpayserver-plugin-lnbank/commits/master); the fix should be in the 1.8.9 release. However, it is very difficult to figure out anything about it. There is no description. Am I blind, or is it intentional? Can somebody explain what the issue was? Or is it a secret?
There is no mention of any critical vulnerability fix in the release notes: https://github.com/dennisreimann/btcpayserver-plugin-lnbank/releases/tag/v1.8.9. Like, seriously?
Here is a pretty new issue in the project about starting to do CI/CD: https://github.com/dennisreimann/btcpayserver-plugin-lnbank/issues/57. Great! But wait, hey, this project is intended to handle other people's money and it does not use CI/CD yet? "Somebody has lost his funds, so it looks like it is now the right time to start testing..." WTF?
Nowadays, anybody can write code because it looks easy. Even AI can write code today. Sharing everything. But where is some responsibility? Ok, it's FOSS, no warranty... But, really?
This change looks suspicious: it resides inside a commit named "More transaction sorting", but instead it changes wallet balance caching code, which is quite a plausible spot for a vulnerability.
reply
deleted by author
reply
Brother, I was a developer and sysadmin myself for many years. Old school Python dev. Once I learned a great lesson from someone I respect a lot... "If you want your server to be completely 1000% secure, disconnect both the network cable and the power cable."
I understand nothing can be 1000% totally secure, but after running 2 LN nodes for almost 2 years, always using the latest versions of LND, using a great firewall on my network and many other things like researching all the time and being aware of bug reports, I had 0 (zero) issues with the LND node itself. Considering this, I felt I could trust LND and my implementation enough to have it in production. And for 2 years all went fine, until I installed BTCPay Server a few months ago.
Regarding the rest of your comment, I totally agree 100% with you.
reply
I believe, you did your best.
It is now important to prevent such silly things in the future as much as we can. Bitcoin is not a toy anymore.
Take care.
reply
With all due respect, in retrospect I don't think you should consider "I had 0 (zero) issues" as a condition to put in all your life savings, or deduce from it that something is bug free. If you are not risk averse, putting in 1/4 would have been better. Just one example: many people use bash, and yet there was a critical bug discovered in it in 2015, I think, heartbleed. And yet it was considered safe to use for years.
reply
How does ACINQ use a ledger to secure a lightning node?
reply
They probably track everything because of that.
reply