π¨ LND exploit in the wild π¨
If you are running LND older than 0.18.5 and/or LITD older than 0.14.1, upgrade immediately. Apparently, affected Lightning nodes can be completely drained by attackers.
Lightning Labs has not issued a clarification yet.
Login to reply
Replies (21)
LDK it's ok?
LDK is a library, so it should be ok.
I guess they were to busy bringing shitcoins to lightning (taproot assets) instead of improving security or searching for potential bugs
π¨ LND exploit in the wild π¨
If you are running LND older than 0.18.5 and/or LITD older than 0.14.1, upgrade immediately. Apparently, affected Lightning nodes can be completely drained by attackers.
Lightning Labs has not issued a clarification yet.
View quoted note →
I tested that my upgraded LND works by zapping this post π
ππ
Any estimation for how much money was stolen?
Haven't heard anything
Thanks, I did update my Umbrel.
Update complete. Thanks.
The bug was in litd, you will not be affected if you are not running litd. And afaik there are no confirmed reports of the bug actually being exploited successfully.
This is semi-fud circulating without being verified!
TLDR upgrade Lightning Terminal to 0.14.1 if you run it.
Bitcoin ossification bad
LND version 0.18.5 is currently not available in the Umbrel App Store, do you use a different store or did you upgrade using the terminal?
On mine it is, version 0.18.5-beta, same as on the GitHub, on the app store, all standard repo as far as I know.
Check with Umbrel support if you don't see the update.
I was able to get the update notifications once I rebooted Umbrel, thank you for replying so quickly!
Ffs 0.18.5 is still in beta π
We're still in the reckless phase apparently π
I think the app devs are responsible for their own updates on Start9 arenβt they?
It's in the Start9 repository, so I think they handle it updates. I believe they generally delay them on purpose in case there are unidentified issues with fresh updates.
Registry, not repository. I'm dumb sometimes. But the update is out now.
