Litecoin Suffers Denial-of-Service Attack, Successfully Reverses 13 Blocks

On Friday and Saturday, a chain reorganization of 13 blocks on the Litecoin network rewound approximately 32 minutes of network activity, following an attack that exploited a vulnerability in its Mimblewimble Extension Block protocol. The bug enabled a denial-of-service attack against major mining pools, allowing invalid transactions to get past nodes that had not been updated, until the network's longest valid chain corrected them.

A new version of Litecoin Core, v0.21.5.4, has been released, and all users are advised to upgrade because it contains important security updates. According to the Litecoin Foundation, the bug has been fully patched, and the network is operating normally.

However, security researchers have raised concerns regarding the timeline of the patch, which was privately applied between March 19 and 26, roughly four weeks before the attack. The consensus vulnerability was known and patched, but the fix was not publicly announced or mandated for all mining pools, creating a window of vulnerability. The attack appears to have been designed to take advantage of this window, with the attackers targeting unpatched nodes. Blockchain data shows that the attacker pre-funded a wallet 38 hours before the exploit and had already configured the destination address to swap LTC for ETH on a decentralized exchange.

The fact that the network automatically handled the 13-block reorganization once the denial-of-service attack stopped suggests that enough hashrate was running updated code to eventually overpower the attack. The incident highlights the differences in how various networks respond to exploits: newer chains are able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin rely on independent mining pools to choose when to upgrade, which creates a window of vulnerability.