It was an exploit related to @Alby hub. Their installation page requires 0 authentication and gives access to the entire node. They call it good UI.
Login to reply
Replies (4)
OMG. I have an Alby hub with very limited funds. I will use no longer.
Ah damit never keep more then a few $100 worth of bitcoin in such wallets
That sucks.
I don't use Alby. But know a few who do.
Got more details?
Hey Francis, we’re really sorry this happened.
In this case, the Umbrel setup was reachable publicly on the clearnet, so it could be accessed from the outside. At the same time Alby Hub had also been installed but the setup wasn’t finished yet. Since the unlock password is created during that setup flow, no password had been set at the time which allowed the attacker to finish the setup and change the Alby Hub configuration.
We’ve submitted a PR to Umbrel to add an extra authentication layer to require the umbrel password to access alby hub. 
It is sad that people from the community attack such projects. Projects that create awesome things for the community and push the adoption of bitcoin. Projects that work for the benefit of all of us and not for their own profit.
We call on the attacker to return the funds!
GitHub
fix: enable albyhub app proxy auth by default by NodeDiver · Pull Request #4028 · getumbrel/umbrel-apps
Turned on PROXY_AUTH_ADD so Alby Hub now sits behind Umbrel’s app proxy.
This forces anyone visiting the app to authenticate with their Umbrel a...