Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

Over the weekend, a denial-of-service attack on Litecoin's Mimblewimble Extension Block protocol led to a brief chain reorganization. The attack, which occurred on Friday and Saturday, resulted in approximately 32 minutes of network activity being rewound after 13 blocks were rewritten. The reorganization effectively reversed the impact of the exploit.

According to the Litecoin Foundation, the vulnerability that enabled the attack had been privately patched between March 19 and 26, more than four weeks before the incident. However, the patch had not been publicly announced or mandated for all mining pools, creating a window of vulnerability. The attackers seemingly took advantage of this by targeting nodes that had not updated, allowing invalid transactions to temporarily slip through.

Following the attack, Litecoin Core version 0.21.5.4 was released, which includes important security updates. Users are advised to upgrade to this version to ensure the security of their transactions. The foundation has stated that the bug is now fully patched and the network is operating normally.

Nevertheless, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was known and patched privately before the attack, but the fix was not widely implemented. This has raised questions about the coordination and communication among miners and developers in responding to such exploits.

The incident highlights the differences in how various blockchain networks respond to attacks: newer chains are often more centralized and able to push patches quickly, whereas older proof-of-work networks like Litecoin rely on independent mining pools to choose when to upgrade, potentially creating windows of vulnerability.