Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks
On Friday and Saturday, the Litecoin network underwent a chain reorganization of 13 blocks, undoing approximately 32 minutes of activity, after attackers exploited a vulnerability in its Mimblewimble Extension Block protocol. The vulnerability allowed invalid transactions to get past nodes that had not been updated, before the network's longest valid chain corrected them.

Litecoin Core v0.21.5.4 has since been released, and all users are advised to upgrade because it contains important security updates. According to the Litecoin Foundation, the bug has been fully patched and the network is operating normally as of Sunday morning.

However, security researchers have pointed out that the timeline of events, as shown on the litecoin-project GitHub repository, indicates the consensus vulnerability was privately patched roughly four weeks before the attack. The fix was included in release 0.21.5.4, which was rolled out after the attack had begun. This has raised concerns about the handling of the exploit and the potential for similar attacks in the future.

The incident highlights the differences in how various networks respond to exploits: newer chains often coordinate upgrades quickly, while older proof-of-work networks like Litecoin rely on independent mining pools to choose when to upgrade, which creates a window of vulnerability.