Litecoin Falls Victim to Denial-of-Service Attack, Rolls Back 13 Blocks to Mitigate Damage

Late Friday and Saturday, a chain reorganization of 13 blocks was executed on the LTC network, effectively reversing approximately 32 minutes of network activity after attackers exploited a vulnerability in the Mimblewimble Extension Block protocol. The bug enabled a denial-of-service attack against major mining pools, allowing invalid transactions to bypass nodes that had not been updated before the network's longest valid chain corrected them. Following the incident, Litecoin Core v0.21.5.4 was released, with all users advised to upgrade due to important security updates. According to the Litecoin Foundation, the bug was fully patched and the network was operating normally by Sunday morning. However, prominent researchers have pointed out discrepancies in the timeline of events, as indicated by the litecoin-project GitHub repository. The repository shows that the consensus vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack, but the fix was not publicly announced or mandated for all mining pools. This created a window of opportunity for attackers, who appeared to be aware of which miners were running the patched code and which were still vulnerable. The attackers pre-funded a wallet 38 hours before the exploit, using a Binance withdrawal, and had already set up the destination address to swap LTC for ETH on a decentralized exchange. The denial-of-service attack and the MWEB bug were separate components, designed to take patched mining nodes offline and allow unpatched nodes to form a chain that included the invalid transactions. The network's automatic handling of the 13-block reorganization once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack. However, this incident highlights the differences in how various networks respond to exploits, with newer chains having more centralized validator sets and being able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin and bitcoin rely on independent mining pools to choose when to upgrade, creating a window of vulnerability.