Bitcoin Core Node compromised

Relatively new to Umbrel. I have installed Bitcoin Core on my Umbrel Home and am running v28.0.0. I have had an issue with Jam (GUI for JoinMarket) and I think I got scammed on Telegram while looking for help. In the process of DMing someone about my problem I gave out some identifying information, including my Umbrel device serial number and my Bitcoin Core RPC Address (Host). I know, dumb, dumb, dumb (at least I didn’t give out any seed phrases). I don’t have any BTC in my node wallet. I do have a Lightning node set up with Alby Hub. I am using Electrs to connect Sparrow. What do I have to do to re-secure my node, or is that even possible?

First of all, keep calm. You say you don’t have BTC funds in your node, so there’s nothing they can steal from you and we can take it easy.

You say: I gave out some identifying information including my Umbrel device serial number and my Bitcoin Core RPC Address (Host)

  • Are you sure it’s just that and nothing else?
  • Bitcoin Core RPC Address (Host): which one? RPC (Tor) or RPC (Local Network)? If it’s RPC (Local Network), they have to be connected to your network to access it; if it’s through Tor… well, that starts to get a little more complicated.

Then you say: I do have a Lightning node set up with Alby Hub.

  • I assume you have funds to open Lightning channels. So, do you have funds or not?

Main recommendation, and the one we’ll probably end up at: if you have no funds on your node, nothing important that can’t be backed up/recovered, and you don’t feel completely safe after what happened, then format and install everything from scratch. That way you make sure there’s nothing weird lurking around, and any access they might have will no longer work.


Bitcoin Core RPC Address (Host): which one?
Answer: RPC (Tor).

Lightning node has about 300k sats.

I do have a significant amount of sats in the wallet connected to Electrs server.

Based solely on the information you have provided:

  • “…some identifying information including my Umbrel device serial number…”. The serial number of your Umbrel device is irrelevant. The “identifying information”, depending on what you gave, could be used to try to locate you. If you did not give anything “important”, that is irrelevant too.

  • Your Bitcoin Core RPC (Tor) Address (Host). If you did not give the password, they can only try to connect, but without the password… well, draw your own conclusions.

  • Lightning node with about 300k sats, and a significant amount of sats in the wallet connected to the Electrs server: at possible risk, based on the points above.

I cannot tell you more about it with the information you have provided.

Personally, and taking into account that I tend to be very “paranoid” about this type of thing, if this had happened to me I would not be able to rest easy because, as you say, my node has been “compromised” and I do not know for sure to what extent. For that reason, I would move the funds I had to a secure wallet, format and install everything from scratch so that the new node is controlled and accessible only by me, and completely forget about the previous node. That way I would be more at ease.

But I repeat, taking into account that I tend to be very “paranoid”.

Weigh what there is and make your decision.
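The point made above, that an RPC host address without its password only lets someone attempt a connection, rests on how Bitcoin Core stores RPC credentials: a `rpcauth=` line in bitcoin.conf holds a random salt and an HMAC-SHA256 of the password, never the password itself, and the node recomputes the HMAC on every request. That also means the least disruptive remedy short of a full reinstall is to rotate the RPC credentials. The following is an added example, not code from this thread, from Umbrel or from Alby Hub; it reproduces the construction used by Bitcoin Core’s own `share/rpcauth/rpcauth.py`. The user name `umbrel` is a placeholder, and how Umbrel generates and applies bitcoin.conf is not covered by the thread, so where to place the resulting line on an Umbrel Home is left as an assumption.

```python
"""
Generate and verify a Bitcoin Core `rpcauth=` line (bitcoin.conf).

Stored format, as produced by Bitcoin Core's share/rpcauth/rpcauth.py:
    rpcauth=<user>:<salt>$<hex(HMAC-SHA256(key=salt, msg=password))>
The clear-text password is shown once at generation time and never written
to disk; the node recomputes the HMAC for each authenticated RPC request.
"""
import base64
import hmac
import os
import secrets
from typing import Optional, Tuple


def make_rpcauth(user: str,
                 password: Optional[str] = None,
                 salt: Optional[str] = None) -> Tuple[str, str]:
    """Return (rpcauth_line, password).

    password/salt may be supplied for reproducible tests; in normal use both
    are freshly generated, matching rpcauth.py (32 random bytes, URL-safe
    base64 for the password; 16 random bytes as hex for the salt).
    """
    if password is None:
        password = base64.urlsafe_b64encode(os.urandom(32)).decode("utf-8")
    if salt is None:
        salt = secrets.token_hex(16)
    digest = hmac.new(salt.encode("utf-8"),
                      password.encode("utf-8"), "sha256").hexdigest()
    return f"rpcauth={user}:{salt}${digest}", password


def verify_rpcauth(line: str, user: str, password: str) -> bool:
    """Check a candidate user/password against an rpcauth line the way the
    node does: parse user, salt and digest, recompute the HMAC and compare
    in constant time. Anything malformed is simply rejected."""
    if not line.startswith("rpcauth="):
        return False
    try:
        stored_user, rest = line[len("rpcauth="):].split(":", 1)
        salt, digest = rest.split("$", 1)
    except ValueError:
        return False
    if stored_user != user:
        return False
    expected = hmac.new(salt.encode("utf-8"),
                        password.encode("utf-8"), "sha256").hexdigest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    # Placeholder user name; not an Umbrel default.
    line, pw = make_rpcauth("umbrel")
    print("add to bitcoin.conf:", line)
    print("client password (shown once):", pw)
    # A guess without the password is rejected, as the thread reasons.
    print("wrong password accepted?", verify_rpcauth(line, "umbrel", "guess"))
```

Once the old `rpcuser`/`rpcpassword` or `rpcauth` entry is replaced and the node restarted, the address that was shared is paired with credentials that no longer exist, and every client that legitimately uses the RPC interface (here Alby Hub and Electrs, if they talk to Core over RPC rather than through Umbrel’s internal wiring) has to be updated with the new password.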

The only info revealed by me were the Umbrel SN and the Bitcoin Core RPC (Tor) Address (Host). Nothing else. No passwords were given.

If I do want to reformat the 2TB drive, is that function available in the OS Umbrel uses? If not, what file system is used?

If you are sure that you only provided that data and no passwords, I think there is no great risk.

If you decide to start from scratch: I do not have an Umbrel Home, but, for example, in this thread there is a guide on how to reset the Umbrel Home.

If you are going to take the step, I recommend that you read and make a plan so that you do not lose something important and/or have problems.

Thank you for the help. I think I will just stay put for now. I will take this Telegram incident as “something learned”, the hard way.
