Uff 😓 👍 

"This attack isn't easy. Pulling it off involves:

- opening two channels with the victim.
- routing a payment through them.
- successfully replacement-cycling the victim's htlc-timeouts for Δ blocks.
- without the victim discovering the htlc-preimage transaction.
Despite that, the attack is also hard to solve completely, explained @mononaut in a thread.
@niftynei also held X Spaces explaining the vulnerability."