Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

On Friday and Saturday, a chain reorganization of 13 blocks on the Litecoin network reversed approximately 32 minutes of network activity following an attack that leveraged a vulnerability in the Mimblewimble Extension Block protocol. The attackers utilized a bug to initiate a denial-of-service attack against major mining pools, allowing invalid transactions to bypass nodes that had not been updated before the network's longest valid chain corrected them. The Litecoin Core v0.21.5.4 release includes crucial security updates and users are advised to upgrade. According to the Litecoin Foundation, the bug has been fully patched and the network is operating normally as of Sunday morning. However, researchers argue that the timeline of events, as indicated by the litecoin-project GitHub repository, suggests the vulnerability was known and patched privately a month prior to the attack. The consensus vulnerability was privately patched between March 19 and March 26, roughly four weeks before the attack, but the fix was not publicly disclosed or mandated for all mining pools. This created a window of opportunity for attackers, who seemed to be aware of which miners were running the patched code and which were still vulnerable. The attackers pre-funded a wallet 38 hours before the exploit and configured the destination address to swap LTC for ETH on a decentralized exchange. Once the denial-of-service attack stopped, the network automatically handled the 13-block reorganization, suggesting that enough hashrate was running updated code to eventually overpower the attack. The incident highlights the differences in how code maintainers and developers respond to exploits on various networks, with newer chains often coordinating upgrades more quickly than older proof-of-work networks like Litecoin and bitcoin.