Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

A denial-of-service attack on the Litecoin network led to a 13-block chain reorganization, reversing approximately 32 minutes of activity. The attack exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol that allowed invalid transactions to pass validation on nodes that had not been updated. The network's longest valid chain eventually reversed these transactions. The Litecoin Core v0.21.5.4 release contains crucial security updates, and users are advised to upgrade. According to the Litecoin Foundation, the bug has been fully patched and the network is operating normally.

Nevertheless, security researchers have pointed out that the vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack. A separate denial-of-service vulnerability was patched on April 25. Both fixes were included in release v0.21.5.4, which was rolled out after the attack had begun. That the vulnerability was known and patched a month before it was exploited raises concerns about the window of exposure created by the delay in announcing the fix publicly or requiring it of all mining pools; that window allowed attackers to target nodes still running the vulnerable version of the code.

Blockchain data reveals that the attacker had pre-funded a wallet 38 hours before the exploit and had configured the destination address to swap LTC for ETH on a decentralized exchange. The denial-of-service attack and the MWEB bug appear to be separate components: the DoS was designed to take patched mining nodes offline, so that the unpatched ones could form a chain that included the invalid transactions. The network's ability to handle the 13-block reorganization automatically once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack.

This incident highlights the differences in how code maintainers and developers react to exploits on various networks. While newer chains with smaller validator sets can coordinate upgrades quickly, older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools choosing when to upgrade, which creates a window of vulnerability whenever a security patch needs to be deployed rapidly.
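To illustrate the mechanism the article describes (each node follows the longest chain that is valid under its own rules, so the unpatched chain is reorganized only once patched hashrate has built a longer valid chain), here is an added toy model; it is not Litecoin's code, and the block counts and the single "passes patched rules" flag are constructed assumptions.

```python
"""Toy model: how a split between patched and unpatched validators resolves."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Block:
    height: int
    parent: Optional["Block"]
    passes_patched_rules: bool  # False: carries a tx only unpatched nodes accept


def ancestry(tip: Block) -> list:
    """Blocks from genesis to tip, in order."""
    out = []
    while tip is not None:
        out.append(tip)
        tip = tip.parent
    return out[::-1]


def extend(tip: Block, n: int, first_passes: bool = True) -> Block:
    """Mine n blocks on tip; optionally make the first one fail the patched rules."""
    for i in range(n):
        tip = Block(tip.height + 1, tip, first_passes or i > 0)
    return tip


def best_tip(tips, patched: bool) -> Block:
    """Chain selection: the longest chain whose every block this node accepts.
    An unpatched node does not know the new rule, so it accepts every tip."""
    def acceptable(tip):
        return (not patched) or all(b.passes_patched_rules for b in ancestry(tip))
    return max((t for t in tips if acceptable(t)), key=lambda t: t.height)


def reorg_depth(old_tip: Block, new_tip: Block) -> int:
    """Number of blocks a node abandons when it switches from old_tip to new_tip."""
    shared = 0
    for a, b in zip(ancestry(old_tip), ancestry(new_tip)):
        if a is not b:
            break
        shared += 1
    return len(ancestry(old_tip)) - shared


def simulate(invalid_len: int = 13, patched_len: int = 14) -> dict:
    """Phase 1: patched miners are offline; unpatched miners build invalid_len blocks whose
    first block only they accept. Phase 2: patched miners return and build patched_len
    blocks from the last tip they ever accepted (genesis). Constructed scenario."""
    genesis = Block(0, None, True)
    invalid_tip = extend(genesis, invalid_len, first_passes=False)
    during_dos = {p: best_tip([genesis, invalid_tip], p) for p in (True, False)}
    valid_tip = extend(genesis, patched_len)
    after = {p: best_tip([invalid_tip, valid_tip], p) for p in (True, False)}
    return {"patched_reorg": reorg_depth(during_dos[True], after[True]),
            "unpatched_reorg": reorg_depth(during_dos[False], after[False])}
```

With the default parameters an unpatched node discards all 13 invalid-chain blocks while a patched node, which never accepted that chain, sees no reorganization at all; if the patched chain only ties in height, the unpatched node keeps its current tip.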