Lightning Channel Closed Without My Consent

[rnsousa]

Hi everyone,
I'm seeking help to understand how my Lightning channel was closed without my authorization and how a transaction was signed. I'm using Electrum 4.5.7 with a cold wallet setup. I checked the outputs from the closed transaction and the funds from the channel was sent to two addresses. One is mine.

I’ve checked the channel details in Electrum and confirmed the closure txid. I’m hesitant to connect my offline phone to avoid further risks. Any advice on how to investigate this, recover funds (if a penalty transaction is possible within the timelock), or secure my wallet would be greatly appreciated. I can provide more details (e.g., channel ID, node ID) if needed.

[BitMaxz]

My guess is you're one party forces close the channel without your consent because force-closing the channel doesn't need consent from the counterparty, but the transaction will be locked for 2 weeks minimum.

You'd better check the transaction output, you can investigate there under details, if the locktime is enabled or use mempool.space to check that transaction, if the locktime details show some value, it means the counterparty forced-close the channel.

[nc50lc]

I’ve checked the channel details in Electrum and confirmed the closure txid. I’m hesitant to connect my offline phone to avoid further risks. Any advice on how to investigate this, -snip-

Your cold-storage phone is safe (given that it's totally air-gap).
It's just your lightning-enabled watch-only wallet actually contains an extended private key.
You Electrum wallet is using that to manage your lightning transactions. (notice that it can send lightning without using your offline wallet)
But don't worry since the extended (master) private key of your on-chain cold-storage wallet can't be compromised by it.

For the closing transaction's signature, by oversimplifying things:
Your latest lightning transaction actually has a "pre-image" of what the final state of the transaction could be when broadcasted to the blockchain.
The remote node (other party of the channel) simply used it to get access to his part of the funds without your consent.

For more accurate details, read this document: lightning.network/lightning-network-paper.pdf

[obtainhigh]

A channel can be force-closed unilaterally by your peer, and Electrum manages Lightning keys locally, so your cold wallet is likely safe.