I recently get my Core lightning node drained.
Still not sure how the hack happened since I’ve been accessing it only from home and from the office wifi over tor
I also have zeus wallet connected over tor
In the lnbits there are not transactions so I believe this was not the attack vector
Currently the service is off, I’ve changed all the password, but still not sure what i did wrong and how to avoid futures hacks
What can you advice me to do in order to increate the security I have another nots running with similar setup
Please tell us about your full setup. What version of StartOS. Bitcoin, CLN, Zeus, and lnbits? Any other Bitcoin related services or software? What was the source of those applications, and services? The screenshot you sent, is that Zeus? What other applications or devices have access to your server? Has anything been sideloaded on your server? What app-stores do you used with your phone? Have you installed anything, anywhere recently? What about browser extensions, or other site and services – anything that might have a connection to your lightning node?
Hello I’m runny all the latest versions
start os 0.3.5~1
knows 29.2.0~1
CoreLightning 25.12.1~1
LNBits 1.3.1
RTL is version 0.15.4~3
Additionally on my start9 I have electris, mempool, datum, public pool, Vaultwarden - all latest version
All app downloaded form StartOS store, no side loaded packages
Yes the screen shot is from the zeus connected to my CLN over CLNRest Quick Connect
I have reverse proxy to the lnbits to access the api with some lightning devices
The LNBits account has some small balance and the history is clear so I believe it was not involved
I connect only with tor browse with not plugins, the zeus is no my iphone connecting only from thrusted networks
Didn’t install any new applications recently both on my phone and my node, not new apps connecting to the CLN
