Litecoin Network Recovers from Denial-of-Service Attack and 13-Block Rewrite

A denial-of-service attack on the Litecoin network, leveraging a vulnerability in its Mimblewimble Extension Block protocol, was countered with a 13-block chain reorganization, effectively rewinding 32 minutes of network activity. The attack, which occurred late Friday and Saturday, was made possible by a bug that allowed invalid transactions to bypass updated nodes, prior to the network's longest valid chain correcting them. Following the incident, Litecoin Core v0.21.5.4 was released, advising all users to upgrade due to important security updates. However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was privately patched between March 19 and 26, more than four weeks before the attack. The researchers argue that this created a window of vulnerability, as some miners were running the patched code while others were still using the vulnerable version, which the attackers seemed to be aware of. The attack has raised concerns about the coordination of upgrades and patches across different networks, with newer chains being able to push patches quickly and older proof-of-work networks like Litecoin and Bitcoin facing challenges in reaching all independent mining pools promptly.