Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks
On Friday and Saturday, a denial-of-service attack targeted Litecoin's Mimblewimble Extension Block protocol, allowing invalid transactions to be temporarily added to the blockchain. The attack was made possible by a vulnerability that had been privately patched between March 19 and 26, but had not yet been publicly disclosed or deployed by all mining pools. As a result, some miners were running patched code while others were still vulnerable. The attackers appear to have taken advantage of this discrepancy.

The Litecoin network automatically corrected the invalid transactions after a 13-block reorganization, which rewound approximately 32 minutes of network activity. The foundation has since released Litecoin Core v0.21.5.4, which includes important security updates, and all users are advised to upgrade.

Researchers have pointed out that the timeline of the patch and the attack raises questions about the handling of the vulnerability. The incident highlights the challenges faced by older proof-of-work networks like Litecoin, where independent mining pools can create a window of vulnerability when security patches are not universally deployed in a timely manner.