Litecoin Network Faces Denial-of-Service Attack, Successfully Reverses 13 Blocks

On Friday and Saturday, a chain reorganization occurred on the Litecoin network, reversing approximately 32 minutes of activity. Attackers had exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol that allowed invalid transactions to temporarily pass through unupdated nodes before the network's longest valid chain corrected them. The Litecoin Core v0.21.5.4 release, which includes crucial security updates, has been made available, and all users are advised to upgrade. According to the Litecoin Foundation, the bug has been fully patched, and the network is now operating normally.

However, security researchers have pointed out discrepancies in the timeline of events. The litecoin-project GitHub repository suggests the consensus vulnerability was privately patched between March 19 and 26, roughly four weeks prior to the attack. The fixes for the consensus vulnerability and a separate denial-of-service vulnerability were incorporated into release 0.21.5.4 on the afternoon of April 25, after the attack had begun.

The term 'zero-day' refers to a vulnerability that is unknown to defenders at the time of an attack. An examination of Litecoin's commit history reveals that the consensus vulnerability was known and patched privately a month before the exploit but had not been publicly announced or mandated for all mining pools, creating a window of opportunity for attackers.

Alex Shevchenko, CTO of NEAR Foundation's Aurora project, has raised concerns regarding the exploit, citing blockchain data that shows the attacker pre-funded a wallet 38 hours before the exploit and had configured the destination address to swap LTC for ETH on a decentralized exchange. Shevchenko argued that the denial-of-service attack and the MWEB bug were separate components, with the DoS designed to take patched mining nodes offline, allowing the unpatched ones to form a chain that included the invalid transactions.

The fact that the network automatically handled the 13-block reorganization once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack.

This incident highlights the differences in how code maintainers and developers react to exploits on various networks. Newer chains with smaller, more centralized validator sets can coordinate upgrades and push patches network-wide in hours. Older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools choosing when to upgrade, which creates a window of vulnerability when a security patch needs to reach everyone before an attacker exploits the gap.

As of Sunday morning, the Litecoin Foundation has not publicly addressed the GitHub timeline, and the amount of LTC pegged out during the invalid block window and the value of any swaps completed before the reorganization reversed them have not been disclosed.