Litecoin Network Recovers from Denial-of-Service Attack and 13-Block Reorganization

On Friday and Saturday, a series of events unfolded on the Litecoin network, beginning with a denial-of-service attack that exploited a vulnerability in its Mimblewimble Extension Block protocol, allowing for the temporary inclusion of invalid transactions. The attack was subsequently mitigated through a 13-block chain reorganization, effectively rewinding 32 minutes of network activity. The vulnerability had been privately patched between March 19 and 26, but the fix had not been broadly implemented across all mining pools, creating a window of opportunity for the attackers. The Litecoin Core v0.21.5.4 release has since been issued, containing important security updates, and users are advised to upgrade. The incident highlights the challenges faced by older proof-of-work networks, such as Litecoin and Bitcoin, in promptly implementing security patches across independent mining pools, unlike newer chains with more centralized validator sets. The full impact of the attack, including the amount of LTC involved and any completed swaps, has not been disclosed.