2023-06-25 16:16:55

wakoinc on Nostr:

Risk is an exposure and management process. Supply chain attacks or zero days are possible and not of zero risk.

Active/dynamic systems (multiple lightning implementations and lightning channels) are generally at much greater risk than passive (btc cold wallet address). The overall risk may still be low - while the relative risk is quite different.

Side attacks are also very possible - like requesting a refund via a path hint with a high fee node the attacker controls. Unless you mitigate against something like this, naive implementations are vulnerable.

Same goes for Umbrel. LND may be safe, while an app update or new app could escape docker and do bad things.

It’s a matter of when, not if. Yet it’s all a risk management process at the core.
Author Public Key
npub1ktw5qzt7f5ztrft0kwm9lsw34tef9xknplvy936ddzuepp6yf9dsjrmrvj