Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

A recent attack on the Litecoin network involved a denial-of-service exploit that targeted a vulnerability in its Mimblewimble Extension Block protocol, resulting in a 13-block chain reorganization to reverse the effects. The vulnerability had been privately patched between March 19 and 26, but the fix had not been publicly disclosed or mandated for all mining pools, creating a window of opportunity for the attackers. The exploit was eventually mitigated, but not before the attackers were able to slip invalid transactions through unpatched nodes. The Litecoin Foundation has released an updated version, Litecoin Core v0.21.5.4, which includes important security updates, and users are advised to upgrade. The incident highlights the challenges faced by older proof-of-work networks like Litecoin in responding to security exploits, particularly when compared to newer chains with more centralized validator sets.