LND Security Breach Post Mortem

2025-05-15, LND
https://medium.com/@lndfi/lnd-security-breach-post-mortem-2c54ac006050
#LND #ITWorker

Events Summary
On May 9, 2025, LND experienced a security breach that led to the unauthorized transfer of approximately $1.27 million USD. The incident was traced to a developer unknowingly hired by the team who turned out to be an undercover DPRK IT worker. This individual/team unlawfully accessed the project’s administrative keys and executed a series of unauthorized transactions.
Upon identifying the breach, LND promptly initiated a coordinated incident response. The team immediately engaged with blockchain investigators ZachXBT and SEAL to help contain the situation and prevent further damage. The team temporarily shut down the frontend to mitigate the risk of any malicious code being injected by the attacker. Additionally, with the support of the SEAL team, warnings were implemented with MetaMask and UniSat to alert users that LND.fi was compromised and not safe to interact with during the ongoing investigation.
Since the attack, LND and its security partners …