Litecoin Falls Victim to Denial-of-Service Attack, Successfully Reverses 13 Blocks

On Friday and Saturday, a series of events unfolded that led to a 13-block chain reorganization on the Litecoin network, effectively rewinding approximately 32 minutes of network activity. This was in response to an attack that leveraged a vulnerability within the Mimblewimble Extension Block (MWEB) protocol, allowing for invalid transactions to be temporarily validated. The attack was facilitated by a denial-of-service exploit that targeted major mining pools, taking advantage of nodes that had not yet updated to the latest version of the protocol. Following the incident, Litecoin Core v0.21.5.4 was released, which included critical security updates. Users were advised to upgrade to this version to protect against future vulnerabilities. The Litecoin Foundation reported that the bug had been fully patched and the network was operating normally as of Sunday morning. However, security researchers pointed out discrepancies in the timeline of events, suggesting that the vulnerability was known and patched privately over a month before the attack. This created a window of opportunity for attackers, who seemed to be aware of which mining nodes were running the patched code and which were still vulnerable. The attack involved a sophisticated strategy, including a pre-funded wallet and a planned swap of LTC for ETH on a decentralized exchange. The fact that the network was able to automatically correct the 13-block reorganization once the denial-of-service attack ceased suggests that a sufficient amount of hashrate was running the updated code, ultimately overpowering the attack. This incident highlights the differences in how various networks respond to exploits, with newer chains often being more centralized and able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools to upgrade, creating potential windows of vulnerability.