Litecoin Network Recovers from Denial-of-Service Attack and 13-Block Chain Reorganization

Over the weekend, a denial-of-service attack on the Litecoin network led to a 13-block chain reorganization, effectively reversing 32 minutes of network activity. The attack exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, allowing invalid transactions to bypass nodes that had not been updated. Once the longest valid chain corrected these transactions, the network returned to normal. The Litecoin Core v0.21.5.4 release has been made available, and users are advised to upgrade because it contains important security updates.

The foundation has described the bug as a zero-day exploit, but security researchers point out that the vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack occurred. This has raised concerns about the transparency of the patching process and the potential for similar attacks in the future. The timeline of events suggests that the consensus vulnerability was known and patched privately, but the fix had not been publicly announced or mandated for all mining pools, creating a window of vulnerability.

The attack also highlights differences in how networks respond to exploits. Newer chains can often coordinate upgrades quickly, while older proof-of-work networks like Litecoin rely on independent mining pools to choose when to upgrade, which can leave such a window open.