Litecoin Network Hit by Denial-of-Service Attack, Successfully Reverses 13 Blocks

A series of events unfolded over the weekend as a vulnerability in Litecoin's Mimblewimble Extension Block protocol was exploited, allowing for a denial-of-service attack against major mining pools and enabling invalid transactions to be processed. The bug, which was privately patched between March 19 and 26, was leveraged to carry out the attack, but the network's longest valid chain ultimately corrected the invalid transactions. The Litecoin Core v0.21.5.4 release has been made available, containing crucial security updates. Despite the foundation's claim that the bug was fully patched and the network is operating normally, security researchers have pointed out discrepancies in the timeline of events. The consensus vulnerability was known and patched a month prior to the attack, but the fix had not been publicly disclosed or mandated for all mining pools, creating a window of vulnerability. The attack has raised concerns about the differences in how various networks respond to exploits, with newer chains able to coordinate upgrades quickly and older proof-of-work networks like Litecoin facing challenges in reaching all independent mining pools with security patches in a timely manner.