Litecoin Suffers Denial-of-Service Attack, Successfully Reverses 13 Blocks

A chain reorganization occurred on the Litecoin network over the weekend, reversing approximately 32 minutes of transactions after attackers exploited a vulnerability in the Mimblewimble Extension Block protocol, allowing for a denial-of-service attack against major mining pools. The Litecoin Core v0.21.5.4 update has been released, advising all users to upgrade due to important security updates. Researchers have pointed out discrepancies in the reported timeline of events, with the litecoin-project GitHub repository indicating that the consensus vulnerability was patched between March 19 and 26, prior to the attack. The separate denial-of-service vulnerability was patched on April 25, and both fixes were included in the release 0.21.5.4 after the attack had begun. The incident highlights the differences in how various networks respond to exploits, with newer chains able to coordinate upgrades quickly and older proof-of-work networks like Litecoin facing challenges in ensuring all mining pools upgrade promptly.