Litecoin Falls Victim to Denial-of-Service Attack, Successfully Reverses 13 Blocks

On Friday and Saturday, a chain reorganization of 13 blocks on the Litecoin network rewound approximately 32 minutes of network activity after attackers exploited a vulnerability in its Mimblewimble Extension Block protocol. The bug allowed for a denial-of-service attack against major mining pools, enabling invalid transactions to bypass nodes that had not been updated before the network's longest valid chain corrected them. Following the incident, Litecoin Core v0.21.5.4 was released, advising all users to upgrade due to important security updates. According to the Litecoin Foundation, the bug was fully patched and the network was operating normally by Sunday morning.

However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was known and patched privately between March 19 and 26, roughly four weeks before the attack. The consensus vulnerability that allowed the invalid MWEB peg-out was privately patched during this time, but the fix had not been publicly broadcast or required for all mining pools, creating a window of vulnerability. The attackers appeared to have been aware of which miners were running the patched code and which were still vulnerable. Blockchain data revealed that the attacker had pre-funded a wallet 38 hours before the exploit, with the destination address configured to swap LTC for ETH on a decentralized exchange.

The denial-of-service attack and the MWEB bug were separate components, with the DoS designed to take patched mining nodes offline so the unpatched ones would form the chain that included the invalid transactions. The network's automatic handling of the 13-block reorganization once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack.
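The reorg mechanics described above, as an added toy simulation that is not part of the original article or of Litecoin Core: two node policies (patched nodes reject the invalid peg-out, unpatched nodes do not), an attacker chain built while patched pools are offline, and a patched chain that overtakes it afterwards. Block heights, the 13-block window and the equal-difficulty fork choice are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True, eq=False)  # identity equality: competing forks share heights
class Block:
    height: int
    parent: Optional["Block"]
    invalid_peg_out: bool = False  # constructed stand-in for the MWEB peg-out bug

def mine(tip: Block, count: int, first_invalid: bool = False) -> list:
    """Extend tip by count blocks; optionally the first one carries the invalid peg-out."""
    chain = []
    for i in range(count):
        tip = Block(tip.height + 1, tip, first_invalid and i == 0)
        chain.append(tip)
    return chain

def valid_for(patched: bool, tip: Block) -> bool:
    """Walk back to genesis; only a patched node enforces the fixed consensus rule."""
    while tip is not None:
        if tip.invalid_peg_out and patched:
            return False
        tip = tip.parent
    return True

def select_tip(patched: bool, tips: list) -> Block:
    """Equal-difficulty toy: height stands in for accumulated work among valid tips."""
    return max((t for t in tips if valid_for(patched, t)), key=lambda t: t.height)

def reorg_depth(old: Block, new: Block) -> int:
    """Blocks a node discards when moving from old to new: old height minus fork point."""
    ancestors, b = set(), new
    while b is not None:
        ancestors.add(b)
        b = b.parent
    common = old
    while common not in ancestors:
        common = common.parent
    return old.height - common.height

def simulate(dos_window_blocks: int = 13, patched_blocks_after: int = 14) -> dict:
    fork = mine(Block(0, None), 100)[-1]  # last block both sides agree on
    # Phase 1: patched pools are DoSed; the attacker chain includes the bad peg-out.
    bad = mine(fork, dos_window_blocks, first_invalid=True)[-1]
    unpatched_tip, patched_tip = select_tip(False, [fork, bad]), select_tip(True, [fork, bad])
    # Phase 2: DoS stops; patched hashrate builds on the last block it accepted.
    good = mine(fork, patched_blocks_after)[-1]
    new_unpatched, new_patched = select_tip(False, [bad, good]), select_tip(True, [bad, good])
    return {"unpatched_reorg": reorg_depth(unpatched_tip, new_unpatched),
            "patched_reorg": reorg_depth(patched_tip, new_patched),
            "invalid_tx_survives": new_unpatched is bad}
```

With the defaults, unpatched nodes undergo a 13-block reorg while patched nodes never reorg at all; with too little patched hashrate after the DoS (e.g. `patched_blocks_after=5`) the invalid chain stays canonical for unpatched nodes.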
The incident highlights how differently code maintainers and developers respond to exploits across networks: older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools to upgrade, which creates a window of vulnerability whenever a security patch must reach everyone before an attacker exploits the gap.