BTCPay Server's LNBank Plugin Is Being Phased Out Following Second Critical Vulnerability

"I am discontinuing the development of LNbank because for now there is no way for me to guarantee the safety of its usage," wrote LNbank's developer d11n.

BTCPay Server's LNBank Plugin Is Being Phased Out Following Second Critical Vulnerability
  • "A critical security vulnerability has been found in LNbank, external plugin v1.9.0. To mitigate, all users using this plugin are urged to update immediately."
  • "This security vulnerability only affects users using LNbank plugin, if you don't have it enabled ,you're safe and no further actions are needed."
"v1.9.2 will be the last version of LNbank and everyone using the plugin should phase out its usage, especially if you are running this on an instance, which offers public registration for everyone," wrote developer d11n in a blog post.
  • "v1.9.2 fixes the particular vulnerability and also completely disables the sending functionality. It is an additional security measure to prevent any further loss."
  • You can read the recap of the first LNbank vulnerability here.
  • "There's a support channel for all LNbank users on http://chat.btcpayserver.org if you require assistance, join there."

Announcement / Archive
Blog Post / Archive