Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

On Friday and Saturday, a denial-of-service attack hit Litecoin, exploiting a vulnerability in its Mimblewimble Extension Block protocol to briefly compromise the network. This led to a 13-block reorganization to counteract the effects, reversing roughly 32 minutes of network activity. The exploit allowed invalid transactions to momentarily get past nodes that had not been updated, a significant security concern.

Following the incident, Litecoin Core released version 0.21.5.4, which includes crucial security updates, and the foundation announced that the bug had been fully patched and the network was operating as normal by Sunday morning.

However, security researchers analyzing the litecoin-project GitHub repository found that the consensus vulnerability had been known and privately patched between March 19 and 26, more than a month before the attack occurred. This timeline has raised questions about the nature of the exploit, with some arguing that the term 'zero-day' may not accurately apply given the prior knowledge and patching of the vulnerability.

The attack and the response to it underscore the complexity of maintaining security in decentralized networks, particularly those that rely on independent mining pools for updates, and highlight the differences in how blockchain networks respond to security exploits and coordinate patches for them.