Litecoin Falls Victim to Denial-of-Service Attack, Rolls Back 13 Blocks to Mitigate Damage
On Friday and Saturday, a chain reorganization of 13 blocks on the Litecoin network effectively rewound 32 minutes of network activity, following a denial-of-service attack that exploited a vulnerability in the Mimblewimble Extension Block protocol. The attack allowed invalid transactions to pass validation on nodes that had not been updated, before the network's longest valid chain corrected them. A security patch was released in Litecoin Core v0.21.5.4, which users are advised to upgrade to. According to the Litecoin Foundation, the bug has been fully patched and the network is now operating normally.

However, security researchers have pointed out that the timeline of events, as revealed by the litecoin-project GitHub repository, indicates that the consensus vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack. The separate denial-of-service vulnerability was patched on April 25. Both fixes were included in release 0.21.5.4, which was rolled out after the attack had begun. The fact that the vulnerability was known and patched a month before the exploit, but neither publicly disclosed nor mandated for all mining pools, created a window of opportunity for the attackers.

The attackers appeared to have been aware of which mining pools were running the patched code and which were still vulnerable, allowing them to target the vulnerable ones. The denial-of-service attack was designed to take the patched mining nodes offline, enabling the unpatched ones to form a chain that included the invalid transactions. The network's automatic handling of the 13-block reorganization once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack.
The incident highlights the differences in how various networks respond to exploits: newer chains are able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools to choose when to upgrade, creating a window of vulnerability.