Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

On Friday and Saturday, a series of events unfolded as a 13-block chain reorganization occurred on the Litecoin network, effectively reversing the impact of a denial-of-service attack. The attack exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, allowing invalid transactions to be processed by nodes that had not been updated. The Litecoin Core v0.21.5.4 release has since been made available, containing crucial security updates. According to the Litecoin Foundation, the bug has been fully patched and the network is now operating as normal. However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was privately patched between March 19 and 26, roughly four weeks prior to the attack. The consensus vulnerability was known and patched, but the fix had not been publicly disclosed or mandated for all mining pools, creating a window of opportunity for the attackers. The attackers appeared to have been aware of which miners were running the patched code and which were still vulnerable. Blockchain data revealed that the attacker had pre-funded a wallet 38 hours before the exploit, with the intention of swapping LTC for ETH on a decentralized exchange. The denial-of-service attack was designed to take patched mining nodes offline, allowing the unpatched nodes to form a chain that included the invalid transactions. Once the DoS stopped, the network automatically handled the 13-block reorganization, suggesting that enough hashrate was running updated code to overpower the attack. The incident highlights the differences in how various networks respond to exploits, with newer chains being able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin rely on independent mining pools to upgrade, creating a window of vulnerability.