Litecoin Network Faces Denial-of-Service Attack, Successfully Reverses 13 Blocks
On Friday and Saturday, a chain reorganization of 13 blocks was initiated on the Litecoin network, effectively reversing 32 minutes of network activity. The reorganization came after an attacker exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, enabling a denial-of-service attack on major mining pools and allowing invalid MWEB transactions to bypass nodes that had not been updated, before the network's longest valid chain corrected them. Litecoin Core v0.21.5.4 has been released, and all users are advised to upgrade because it contains crucial security updates. According to the Litecoin Foundation, the bug has been fully patched and the network is now operating normally.

However, security researchers have pointed out that the timeline of events, as revealed by the litecoin-project GitHub repository, indicates that the consensus vulnerability was privately patched a month before the attack. The fix had not been publicly announced or mandated for all mining pools, creating a window of vulnerability that the attackers appear to have exploited.

The attack has raised concerns about the differences in how various networks respond to exploits. Newer chains have more centralized validator sets and can coordinate upgrades quickly, whereas older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools to choose when to upgrade, which creates a potential window of vulnerability.