Litecoin Recovers from Denial-of-Service Attack by Reversing 13 Blocks

On Friday and Saturday, a series of 13 blocks were reorganized on the Litecoin network at a value of $55.20, effectively rewinding 32 minutes of network activity after attackers exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol. The vulnerability enabled a denial-of-service attack against major mining pools and allowed invalid transactions to pass validation on nodes that had not been updated, until the network's longest valid chain corrected them. Following the incident, Litecoin Core v0.21.5.4 was released, with all users advised to upgrade because it contains important security updates. According to the Litecoin Foundation, the bug was fully patched and the network resumed normal operations by Sunday morning.

However, prominent researchers have pointed out discrepancies in the timeline of events, suggesting that the consensus vulnerability was privately patched a month before the attack but was neither publicly disclosed nor mandated for all mining pools. This created a window in which some miners ran patched code while others ran the vulnerable version, which the attackers seemingly exploited. A security researcher noted that the wallet used in the attack was funded 38 hours before the exploit, with the destination address set to swap LTC for ETH on a decentralized exchange.

The denial-of-service attack and the MWEB bug were separate components: the DoS was designed to take patched mining nodes offline, allowing the unpatched ones to form a chain that included the invalid transactions. The fact that the network handled the 13-block reorganization automatically once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack. The incident highlights the differences in how code maintainers and developers react to exploits on various networks, with older proof-of-work networks like Litecoin and Bitcoin being more exposed because they rely on independent mining pools choosing when to upgrade.
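To make the mechanism concrete, here is an added toy model (not code from Litecoin Core or from the article) of two nodes, one validating with patched rules and one with the buggy rules, watching the same block sequence. The block ids, the "invalid:mweb-tx" marker and the rule functions are constructed for the illustration; the patched node never admits the chain carrying the invalid transaction, while the unpatched node only abandons it, with a 13-block reorg, once the valid chain built after the DoS ends becomes longer.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    id: str
    parent: str            # "genesis" for the first block
    txs: tuple[str, ...]

# Constructed rule: a patched node rejects the tx type that models the bug;
# an unpatched node (lambda tx: True below) accepts everything.
def patched_rule(tx: str) -> bool:
    return not tx.startswith("invalid:")
class Node:
    def __init__(self, rule):
        self.rule, self.blocks, self.tip, self.reorgs = rule, {}, "genesis", []

    def chain(self, tip: str) -> list[str]:   # block ids from genesis to tip
        ids = []
        while tip != "genesis":
            ids.append(tip)
            tip = self.blocks[tip].parent
        return ids[::-1]
    def receive(self, block: Block) -> bool:
        if block.parent != "genesis" and block.parent not in self.blocks:
            return False                  # orphan: parent was never accepted here
        if not all(self.rule(tx) for tx in block.txs):
            return False                  # invalid under this node's rules
        self.blocks[block.id] = block
        old, new = self.chain(self.tip), self.chain(block.id)
        if len(new) > len(old):           # longest valid chain wins (real nodes compare work)
            common = 0
            while common < min(len(old), len(new)) and old[common] == new[common]:
                common += 1
            if len(old) > common:
                self.reorgs.append(len(old) - common)   # blocks disconnected
            self.tip = block.id
        return True

def simulate(dos_blocks: int = 13) -> tuple[Node, Node]:
    patched, unpatched = Node(patched_rule), Node(lambda tx: True)
    prefix = [Block("C1", "genesis", ()), Block("C2", "C1", ())]
    # Under the DoS, unpatched miners extend a chain whose first block holds the invalid tx.
    bad = [Block("B1", "C2", ("invalid:mweb-tx",))]
    bad += [Block(f"B{h}", f"B{h-1}", ()) for h in range(2, dos_blocks + 1)]
    # DoS ends; patched hashrate builds a longer valid chain from the same fork.
    good = [Block(f"G{h}", "C2" if h == 1 else f"G{h-1}", ()) for h in range(1, dos_blocks + 2)]
    for b in prefix + bad + good:
        patched.receive(b)
        unpatched.receive(b)
    return patched, unpatched
```

A monitoring node can treat a non-empty `reorgs` entry of this depth as an alert: a 13-block disconnect is far outside normal chain-tip churn.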