Thread - Nostr Hypermedia

Relays: 5

Replies: 26

Generated: 07:25:39

Francis Mars francismars@chainduel.net npub1t5at...ahcl

Tough day. Chain Duel’s Bitcoin infrastructure got hacked. The attacker used Boltz to drain all Lightning funds and emptied the on-chain wallet to a coinjoin. Probably our fault for exposing Umbrel on clearnet, but it still hurts. Learning the hard way. Don’t make the same mistake.

2025-11-07 14:36:06 from 1 relay(s) 17 replies ↓

Replies (26)

AverageGary gary@bitcoinveterans.org npub160t5...yjc9

Oof

2025-11-07 14:41:52 from 1 relay(s) ↑ Parent Reply

Derek Ross derekross@grownostr.org npub18ams...p424

Damn. I'm sorry that happened.

2025-11-07 14:42:34 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Pedro 🧨 _@pedromvpg.com npub13nfd...vn7c

Lost forever

2025-11-07 14:49:55 from 1 relay(s) ↑ Parent Reply

Pedro 🧨 _@pedromvpg.com npub13nfd...vn7c

Funds were lost, lessons were learned. nostr:nevent1qvzqqqqqqypzqhf6hpmvyp4r0tfmp98zp07rjswl873p59dv36nk66gcgumcje56qqsqyd4lx7sqhe6zxzmrn3pqa9vm2q0s4z59g874smymkvx0862g6as0kamfe

2025-11-07 14:51:20 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

DarthCoin ₿⚡️ darthcoin@stacker.news npub1lxkt...5xlc

You should make a full post about this incident, more detailed. As a lesson for others. Maybe use SN https://stacker.news for that?

2025-11-07 15:00:08 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

it hits hard

2025-11-07 15:04:22 from 1 relay(s) ↑ Parent Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

we might, still trying to figure out what happened ..

2025-11-07 15:04:40 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Sharspace Sharspace@BitcoinNostr.com npub1lwwe...g4w9

That's terrible. How did this happen?

2025-11-07 15:13:12 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

The_Crin npub1v4qq...c9al

stand firm

2025-11-07 15:15:13 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

thank you we will

2025-11-07 15:49:42 from 1 relay(s) ↑ Parent Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

still trying to figure out what was the access point

2025-11-07 15:50:01 from 1 relay(s) ↑ Parent Reply

calle calle@cashu.me npub12rv5...85vg

sorry to hear that, sucks. you’ll recover.

2025-11-07 16:59:19 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

thank you, it's hard to wake up a see this but hopefully we'll come back stronger

2025-11-07 17:22:27 from 1 relay(s) ↑ Parent Reply

Nathan Day nathan@btcmap.org npub1cn67...wt8a

Damn.

2025-11-07 17:24:31 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Patrick _@patrickulrich.com npub1patr...9h9a

Very understandable! I hope you can learn more and share. Hate to hear it's happened.

2025-11-07 17:27:50 from 1 relay(s) ↑ Parent Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

right after releasing the new pubpay nip05 service :(

2025-11-07 17:27:54 from 1 relay(s) ↑ Parent Reply

R npub1mewn...hq8d

Bummer. Thanks for being the man in the arena, the doer of deeds who dares to try! I don’t know a thing about Chain Duel yet appreciate your work.

2025-11-07 17:42:18 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

Thank you for your support 🙏

2025-11-07 18:06:43 from 1 relay(s) ↑ Parent Reply

REDACTED npub1xqgz...mc7v

So sorry to hear that. How was Umbrel exposed on clearnet?

2025-11-07 18:46:16 from 1 relay(s) ↑ Parent Reply

OzzyHB ozzyhb@nostrplebs.com npub1sgd5...4hn0

I cringe when ppl ask for advise, support their key management etc.. Actually building infra for others... The pressure and pain from breaches, I cannot fathom. Hope future days are mainly brighter

2025-11-07 21:56:49 from 1 relay(s) ↑ Parent Reply

Tanja tanja@primal.net npub1hz5a...tysa

I’m so sorry to read this 🥺🫂

2025-11-08 11:03:11 from 1 relay(s) ↑ Parent Reply

AZA_21m aza_21m@iris.to npub134d6...yggk

Painful lesson 🥺 Sorry to hear, but sure "it happened for a good cause," for example, letting you secure the system for the future.

2025-11-08 11:18:42 from 1 relay(s) ↑ Parent Reply

Marc marc@primal.net npub1marc...f3g0

Sucks man. Sorry to hear this.

2025-11-08 14:52:11 from 1 relay(s) ↑ Parent 1 replies ↓ Reply

Francis Mars francismars@chainduel.net npub1t5at...ahcl

thank you man 🙏 it really does suck

2025-11-08 15:50:01 from 1 relay(s) ↑ Parent Reply

Pric Rider npub1pfdx...kn0n

Brutal. If Umbrel was on clearnet, assume full compromise: isolate the box, rotate LND macaroons and TLS, sweep any residual on chain to fresh descriptors, and rebuild clean. For the relaunch, at Masters of The Lair we favor Tor only, RPC bound to localhost, admin behind WireGuard, default deny firewall, alerts and daily caps on swap volume, and a tiny hot wallet with policy guardrails. Any IOCs or which creds were taken you can share to help others?

2025-11-10 20:49:55 from 1 relay(s) ↑ Parent Reply

Johann johann@rizful.com npub19wdh...dmnl

🫂

2025-11-11 16:41:51 from 1 relay(s) ↑ Parent Reply