Litecoin Network Recovers from Denial-of-Service Attack and Block Rewrite
On Friday and Saturday, a denial-of-service attack hit Litecoin, leveraging a vulnerability in its MWEB protocol to temporarily rewind approximately 32 minutes of network activity. The attack exploited a bug that allowed invalid transactions to get past nodes that had not been updated, before the network's longest valid chain corrected them.

Following the incident, Litecoin Core released version 0.21.5.4, which includes crucial security updates, and users are advised to upgrade. The Litecoin Foundation announced on Sunday morning that the bug had been fully patched and the network was operating normally.

However, an examination of the litecoin-project GitHub repository reveals that the consensus vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack occurred. This raises questions about the timeline of events and the nature of the exploit. Some researchers suggest that the attack may not have been a traditional zero-day exploit, given that the vulnerability was known and patched prior to the incident.

The sequence of events highlights the complexities of maintaining and securing blockchain networks, particularly those that rely on independent mining pools, which can create windows of vulnerability when security patches need to be implemented rapidly.