675b84fe75e216ab...

Apparently Bitrefill were hacked in a pretty sophisticated way. Honestly it's kind of an advertisement for them, paradoxically: they're one of the few long running sellers of goods and services for bitcoin that at least offer the right model: you pay a lightning invoice, anonymously, you get the thing. you might need an email or something, but that's OK. absolutely minimized risk of funds theft along the way (only exposed *very* briefly), absolutely minimized risk of leak of personal info to hackers (since you give them so little; almost nothing in fact; notice in particular that LN does a very good job of hiding the sender's origin from the receiver; not 100% perfect but exceptionally good with non custodial wallets, heck even custodial, perhaps, depending on details, though I absolutely do not recommend custodial LN, for different reasons).

an interesting point about this: there's a reason bitcoin devs tried quite strenuously, and eventually succeeded several years ago, in removing all openssl dependency from the bitcoin project. it's the nature of some of the truly awful protocols (ASN1 , X509 and etc etc) that openssl had to, or chose to support. so yes a very natural and correct reaction is "holy shit what happens when people find similar bugs in the consensus layer of bitcoin" but it's also true that it's a very controlled and very stress-tested surface area that removed stuff that was problematic. It's also true that even 1 small bug could be catastrophic. I guess we'll see! nostr:nevent1qqsgehzm6ggqe2nszaq5xlxlmcwlqh7l62mcpr82gs2k0htuqlust4sprpmhxue69uhkummnw3ezumr0wpczuum0vd5kzmp0qgs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsrqsqqqqqp7fcr3y

Yes it needs a soft fork. The important thing is there's a solid theoretical basis for actually doung CISA. Experience with MuSig taught us you have to be super careful building these algos ... the power that Schnorr's linearity gives you is a double edged sword.

Interesting. If we think of LN, we have that: not only ability to withdraw, but also ability to maintain currently held funds, passively, can be violated even without 51% attack but merely through censorship by miners, or even pure unavailability or pricing out through fees > available balance. Hence someone put it in some pithy statement that I can't remember along the lines of "in Lightning censorship resistance is a security requirement" (meh I can't remember exactly but you get it). But then is that overlapping with a 51% attack, or not? I always thought of the latter as specifically referring to attempts to "undo" payments, so changing inclusion and/or ordering of txs. I think I'm trying to say that, with this definition, even LN doesn't count as an L2, does it?