How LNbank User Lost 4 BTC

LNbank is a plugin for BTCPay Server to use the internal Lightning node in custodial mode: It allows server admins to open up the Lightning node and give users access via custodial layer 3 wallets. All users of BTCPay Server's LNbank plugin are urged to upgrade to to v1.8.9 as soon as possible.

How LNbank User Lost 4 BTC
  • "About 3 months ago, wanting to give back to the community even more, I decided to run a BTCPay server with the goal of onboarding merchants mainly in El Salvador but also other countries. I connected this server to the main Lightning node (the routing one) that, at the time, had 4+ BTC of liquidity," said Hugo Ramos on Stacker.news.
  • "Recently I was running version 1.11.1 of BTCPay server with LNbank v1.6.2 extension to allow merchants to receive Lightning payments."
  • Reminder: All users of BTCPay Server's LNbank plugin are urged to upgrade to to v1.8.9 as soon as possible.
"On December 6th I woke up and noticed most of my LN node balance had been drained out. I started to investigate and realised this happened because 998 Lightning payments were made to the same LN wallet Bitlifi and all these payments, although going out through different channels and nodes, were all converging on the same node at the end: ln-1.anycoin.cz."
  • "About 20 minutes after I woke up) 407.361.805 SATS had been drained out. I decided to shutdown the node."
  • NGINX logs were "a horrible show of thousands and thousands of lines with IP addresses, LNbank API calls, account logins and a shit show of other stuff that I crossed with other data from the node, Postgres DB and BTCPay server to conclude 5 accounts (emails) were created to exploit LNbank and all the satoshis that were stolen amounted to exactly 407.361.805 SATS."
  • "I'm preparing a case to deliver to the authorities in Czech Republic and also Romania and Moldova because the IPs associated to this attack are from Internet Service Providers in those countries."
"I don't know if the authorities or the exchange are going to collaborate in finding the person that conducted the attack on my server but I can't do anything else. Just hope that they identify this person or persons and some of what was stolen can be retrieved."
  • "I've setup a new wallet that will be publicly exposed so that anyone can send what they want/can and check its balance over time. If by any chance or miracle this wallet gets more than 4BTC, I will donate the surplus to help other Bitcoin projects in El Salvador. If you just want to send an email with a kind word of support: hugo@fyoumoneypod.com."

Stacker.news Post / Archive