Oddbean new post about | logout
Jameson Lopp | 11 months ago (raw) | root | parent | reply | flag 
 Yes, and if you're running a node and someone gets your admin macaroon they can drain funds.
satspervb | 11 months ago (raw) | root | parent | reply | flag 
 How would they be able to get the adminmacaroon? And what precautions can you take to eliminate this risk?
Jameson Lopp | 11 months ago (raw) | root | parent | reply | flag +1 
 Any "controller" wallet software that requires it could get compromised. Like the recent btcpay plugin that caused someone to lose several BTC.
satspervb | 11 months ago (raw) | root | parent | reply | flag 
 Just read tye whole thread about it. Terrible! 

Ok so basically don't rely on the plugins?

Been running Umbrel for about 2.5 years. No issues of this kind. 

I now run a dedicated BTCPayserver but it has zero liquidity so far. Have similar plans as the guy who lost BTC there.
satspervb | 11 months ago (raw) | root | parent | reply | flag 
 Or maybe I interpreted to narrow. Not letting any one third party software manage your macaroon?
Jameson Lopp | 11 months ago (raw) | root | parent | reply | flag +1 
 It's preferable if you have to give out a macaroon for a third party integration that it's a read-only macaroon that only allows creation of invoices.
satspervb | 11 months ago (raw) | root | parent | reply | flag 
 Right,  I know that difference. But I don't understand why one would give the admin macaroon?