Litecoin Network Recovers from Denial-of-Service Attack and 13-Block Chain Reorganization

On Friday and Saturday, a series of events unfolded as a denial-of-service attack impacted Litecoin, leveraging a vulnerability in its Mimblewimble Extension Block (MWEB) protocol to execute invalid transactions. The attack resulted in a 13-block chain reorganization, effectively rewinding 32 minutes of network activity. The Litecoin foundation characterized the incident as a zero-day exploit, but further investigation revealed that the vulnerability had been privately patched between March 19 and 26, more than four weeks prior to the attack. The patch was incorporated into the Litecoin Core v0.21.5.4 release, which users are advised to upgrade to. Notably, the timeline of events has raised questions among researchers, with some pointing out discrepancies between the foundation's account and the publicly available commit history on the litecoin-project GitHub repository. The incident highlights the complexities and challenges associated with maintaining the security and integrity of blockchain networks, particularly in the context of decentralized systems like Litecoin.