Conversation Details on Nostr: 📝 Summary: LNbits, a Lightning Network service, found an exploit that enabled ...
📝 Summary: LNbits, a Lightning Network service, found an exploit that enabled attackers to create fake balances by manipulating invoices. They have fixed the issue and advised users to update their software. Additionally, a suggestion was made to support self-payment of invoices, which would benefit custodial Lightning service providers.
👥 Authors:
• callebtc ( callebtc [ARCHIVE] (npub1wlh…90xk) )
• fiatjaf ( fiatjaf [ARCHIVE] (npub1v2x…makl) )
• David A. Harding ( David A. Harding [ARCHIVE] (npub16dt…4wrd) )
• Rusty Russell ( Rusty Russell [ARCHIVE] (npub1zw7…khpx) )
📅 Messages Date Range: 2023-07-06 to 2023-07-13
✉️ Message Count: 4
📚 Total Characters in Messages: 10478
Messages Summaries
✉️ Message by Rusty Russell on 06/07/2023:
LNbits discovered an exploit that allowed attackers to create fake balances by manipulating invoices, urging users to update their software.
✉️ Message by callebtc on 06/07/2023:
LNbits discovered an exploit in their system that allowed attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software.
✉️ Message by David A. Harding on 12/07/2023:
LNBits discovered an exploit allowing attackers to create balances by abusing a quirk in how invoices are handled. A suggestion was made to support self-payment of invoices.
✉️ Message by fiatjaf on 13/07/2023:
The author suggests asking developers of Lightning Network node implementations to support self-payment of invoices, which is currently not possible but would be a valuable feature for custodial Lightning service providers.
Follow Lightning Mailing List (npub1j3t…4gll) for full threads
Published at
2023-07-15 18:58:04Event JSON
{
"id": "b7f1789256c8dfdc16a0243dee92e1b6b0a913c483dfab62beca6d520b3f2923",
"pubkey": "57fe4c4ae74215fb92bd0dcb8a7787c5e907db74e987f30f1acaaad9c3a0271f",
"created_at": 1689447484,
"kind": 30023,
"tags": [
[
"d",
"d85daa7f-fe75-43ac-b5ff-f486fe07c7e2"
],
[
"title",
"Conversation Details"
],
[
"image",
"https://nostr.build/i/dbc5bd7993c8d036431edeefea63a2b3b796e1f49baf96bf6b09e13c8c662833.jpg"
],
[
"p",
"77eeb5bdaa4549cf07ee002a39b9236f4ede78df640eca7b11571eecf46f61d6"
],
[
"p",
"628ddabe0b1ed9de25481d11295311203e45f47e0c59aacd287db3acbd96632c"
],
[
"p",
"d3574a24208f4e3d0821bb4a69a0c3ae842043d444fa5c4a8c49c369918a6fb2"
],
[
"p",
"13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📝 Summary: LNbits, a Lightning Network service, found an exploit that enabled attackers to create fake balances by manipulating invoices. They have fixed the issue and advised users to update their software. Additionally, a suggestion was made to support self-payment of invoices, which would benefit custodial Lightning service providers.\n\n👥 Authors: \n• callebtc ( nostr:npub1wlhtt0d2g4yu7plwqq4rnwfrda8du7xlvs8v57c32u0wear0v8tq6h90xk )\n• fiatjaf ( nostr:npub1v2xa40strmvauf2gr5gjj5c3yqlytar7p3v64nfg0ke6e0vkvvkqxpmakl )\n• David A. Harding ( nostr:npub16dt55fpq3a8r6zpphd9xngxr46zzqs75gna9cj5vf8pknyv2d7equx4wrd )\n• Rusty Russell ( nostr:npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpx )\n\n📅 Messages Date Range: 2023-07-06 to 2023-07-13\n\n✉️ Message Count: 4\n\n📚 Total Characters in Messages: 10478\n\n## Messages Summaries\n\n✉️ Message by Rusty Russell on 06/07/2023:\nLNbits discovered an exploit that allowed attackers to create fake balances by manipulating invoices, urging users to update their software.\n\n✉️ Message by callebtc on 06/07/2023:\nLNbits discovered an exploit in their system that allowed attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software.\n\n✉️ Message by David A. Harding on 12/07/2023:\nLNBits discovered an exploit allowing attackers to create balances by abusing a quirk in how invoices are handled. A suggestion was made to support self-payment of invoices.\n\n✉️ Message by fiatjaf on 13/07/2023:\nThe author suggests asking developers of Lightning Network node implementations to support self-payment of invoices, which is currently not possible but would be a valuable feature for custodial Lightning service providers.\n\n\nFollow nostr:npub1j3t00t9hv042ktszhk8xpnchma60x5kz4etemnslrhf9e9wavywqf94gll for full threads",
"sig": "b43dc001f4a3e9cde3da4d371f37e5e770d66a734cd3d6ae5590ab5f8c8822bac31aeea1fbf21e94598ea0b2ab2aaeefdc77b5ed144bd2b59e99c01f24a0a707"
}