Litecoin Network Recovers from Denial-of-Service Attack and Block Reorganization

On Friday and Saturday, the Litecoin network experienced a 13-block chain reorganization, effectively rewinding 32 minutes of network activity. This occurred after attackers exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, enabling a denial-of-service attack against major mining pools. The vulnerability allowed invalid MWEB transactions to bypass nodes that had not been updated, before the network's longest valid chain corrected them. Following the incident, Litecoin Core released version 0.21.5.4, which includes important security updates, and users are advised to upgrade. According to the Litecoin Foundation, the bug has been fully patched, and the network is now operating normally. However, security researchers have pointed out that the vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack, and the fix had not been publicly announced or mandated for all mining pools. This created a window of opportunity for attackers, who appeared to be aware of which miners were running the patched code and which were still vulnerable. The attack involved a denial-of-service vulnerability that was patched on April 25, and both fixes were included in the release 0.21.5.4 after the attack had begun. The exploitation of the vulnerability has raised concerns about the network's vulnerability to such attacks and the need for more coordinated and timely responses to security patches. Blockchain data showed that the attacker had pre-funded a wallet 38 hours before the exploit and had configured the destination address to swap LTC for ETH on a decentralized exchange. The denial-of-service attack and the MWEB bug were separate components, designed to take patched mining nodes offline and allow unpatched nodes to form a chain that included invalid transactions. The network's automatic handling of the 13-block reorganization once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack. The incident highlights the differences in how various networks respond to exploits and the challenges faced by older proof-of-work networks like Litecoin and bitcoin in coordinating upgrades and pushing patches network-wide.