Thread

OMG. I have an Alby hub with very limited funds. I will use no longer.

? any response #AlbyHub nostr:nevent1qqs06h3kjvgmk9kmsxmzzffxdhxf0hpzd5gum5wxymzgaw5srptknccpzemhxue69uhhyetvv9ujucm0d9hx7uewd9hj7q3qt5atsakzq63h45asjn3qhlpeg80nlgs6zkkgafmddyvywdufv6dqxpqqqqqqzy6729w

Ah damit never keep more then a few $100 worth of bitcoin in such wallets

That sucks. I don't use Alby. But know a few who do. Got more details?

Hey Francis, we’re really sorry this happened. In this case, the Umbrel setup was reachable publicly on the clearnet, so it could be accessed from the outside. At the same time Alby Hub had also been installed but the setup wasn’t finished yet. Since the unlock password is created during that setup flow, no password had been set at the time which allowed the attacker to finish the setup and change the Alby Hub configuration. We’ve submitted a PR to Umbrel to add an extra authentication layer to require the umbrel password to access alby hub. https://github.com/getumbrel/umbrel-apps/pull/4028 It is sad that people from the community attack such projects. Projects that create awesome things for the community and push the adoption of bitcoin. Projects that work for the benefit of all of us and not for their own profit. We call on the attacker to return the funds!