Litecoin Network Hit by Denial-of-Service Attack, Successfully Reverses 13 Blocks

On Friday and Saturday, a series of events unfolded as a 13-block reorganization occurred on the Litecoin network, effectively rewinding approximately 32 minutes of network activity. This was in response to an attack that leveraged a vulnerability within the Mimblewimble Extension Block (MWEB) protocol, allowing for invalid transactions to temporarily bypass nodes that had not been updated. The bug enabled a denial-of-service attack against major mining pools, but the network's longest valid chain eventually corrected the invalid transactions. In response, Litecoin Core v0.21.5.4 was released, containing crucial security updates, and all users are advised to upgrade. According to the Litecoin Foundation, the bug was fully patched, and the network is now operating normally. However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack occurred. The consensus vulnerability allowed for an invalid MWEB peg-out, which was known and patched privately a month before the exploit but not publicly disclosed or mandated for all mining pools. This created a window of opportunity for attackers, who seemed to be aware of the patched and unpatched versions of the code. The attackers pre-funded a wallet 38 hours before the exploit and configured it to swap LTC for ETH on a decentralized exchange. The denial-of-service attack and the MWEB bug were separate components, with the DoS designed to take patched mining nodes offline so that the unpatched ones would form the chain that included the invalid transactions. Once the DoS stopped, the network automatically handled the 13-block reorganization, suggesting that enough hashrate was running the updated code to eventually overpower the attack. The incident highlights the differences in how various networks respond to exploits, with newer chains being more centralized and able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools choosing when to upgrade, creating a window of vulnerability.