Litecoin Network Hit by Denial-of-Service Attack, Successfully Recovers with 13-Block Reorganization

On Friday and Saturday, the Litecoin network underwent a 13-block chain reorganization that effectively rewound approximately 32 minutes of network activity. The reorganization was a response to a denial-of-service attack that exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, allowing invalid transactions to get past nodes that had not been updated. The attack was facilitated by a bug that had been privately patched between March 19 and 26, but the fix had not been widely implemented or publicly disclosed, creating a window of vulnerability. As a result, major mining pools were targeted, and invalid MWEB transactions were temporarily allowed onto the network before being corrected by the longest valid chain.

In response to the attack, Litecoin Core v0.21.5.4 was released, containing crucial security updates that all users are advised to implement. According to the Litecoin Foundation, the bug has been fully patched, and the network is now operating normally.

However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was known and patched a month prior to the attack, but the fix was not widely adopted or publicly announced. This has raised concerns about the coordination and communication of security patches within the Litecoin network, particularly in comparison to newer blockchain networks that can push updates more rapidly. The incident highlights the challenges faced by older proof-of-work networks like Litecoin, where independent mining pools have autonomy over when to upgrade, creating potential windows of vulnerability.

Further analysis by researchers indicates that the attack involved a pre-funded wallet and a decentralized exchange, and that the denial-of-service component was designed to take patched nodes offline, allowing the attackers to exploit the unpatched nodes. The network handled the 13-block reorganization automatically once the DoS stopped, which suggests that enough hashrate was running updated code to eventually overpower the attack. The full extent of the damage, including the amount of LTC pegged out during the invalid block window and the value of any swaps completed before the reorganization, has not been publicly disclosed.