I’m no security expert but I think the biggest security risk is this:
- Somebody you don’t trust may get access to your local network’s wifi password, or plug into it directly via ethernet. Could be a “friend” of a friend, or some worker at your home, etc.
- They try to access umbrel.local and then access any of the apps that run on default passwords, like ThunderHub.
- Log in with ‘moneyprintergobrrr’ and send out your funds.
To avoid this attack, uninstall all apps that allow sending out funds and can only run with the default password. Mempool for example is safe, because it doesn’t allow sending out funds, and RTL is safe too because it lets you change the default password. But ThunderHub should be uninstalled.
The same attack can be performed if somebody gets hold of your onion address in some way. All the more reason to uninstall unnecessary apps.
–––
The second biggest issue in my view is the inability to restore funds in channels in case of a catastrophic hardware failure. Any electrical or mechanical failure may render your node inaccessible and unrecoverable.
Your on-chain funds are no problem. You can restore them with the seed as long as you kept it safe.
However, your channels need to be closed down nicely to access your sats. If you have the channel backups you can issue a command to close those channels down, but you still need an operational Umbrel as far as I understand. You can’t issue that command from another device. (I’m unsure here, please correct me if wrong.)
If you can’t use your channel backup for any reason one of three things will happen:
- The other party will keep the channel open indefinitely or for a very long time even though it’s offline. Your sats will be stuck potentially for a long time until option 2 or 3 materialises.
- The other party will close your channel and everyone gets back their sats fairly. Thus you will get them back on the restored on-chain wallet you created with the backup seed. Good outcome.
- The other party may try their luck and transmit a previous state of the channel where they had more sats on the channel than you. And since you can’t issue a penalising transaction they will get away with it. You will get little or nothing, and they steal your funds. Worst outcome.
–––
How much to “risk” on channels? We must remember that we’re dealing with software that is all work in progress. It’s really good, but there are scenarios that nobody can foresee. A combination of hardware, network and user actions can create a situation that we can’t predict and defend against.
Generally, I believe you’re better off in terms of risks to go with Umbrel than building your own stack of software, because the Umbrel team and the community give you an extra layer of testing. So if you’re running a business for example, it’s probably wise to run Umbrel instead of building your own node, unless of course you really know what you’re doing.
So, definitely don’t store your life savings on Umbrel and certainly not on channels. You should put only as much money on your Umbrel as you want to use for spending, for testing and learning. This amount could be as little as $100 worth of sats or 0.1 BTC depending on the person’s wealth and their appetite for risk.