Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

The Litecoin network suffered a denial-of-service attack that exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, and a 13-block chain reorganization was needed to undo the damage. The attack, which happened on Friday and Saturday, was made possible by a bug that allowed invalid MWEB transactions to be processed by nodes that had not been updated. The network's longest valid chain eventually corrected these transactions.

Litecoin Core v0.21.5.4 has been released, and all users are advised to upgrade because it contains important security updates. According to the Litecoin Foundation, the bug has been fully patched and the network is now operating normally.

Some researchers have nevertheless raised concerns about the timeline of events. They suggest that the vulnerability was known and patched privately a month before the attack, but that the fix was not made public or mandatory for all mining pools. This created a window of opportunity for the attackers, who seemed to be aware of which miners were running the patched code and which were still vulnerable.

The attack involved a pre-funded wallet and a decentralized exchange. It has sparked discussion about how differently various networks respond to exploits, and about the challenges that older proof-of-work networks like Litecoin face in pushing security patches to all users.