Litecoin Suffers Denial-of-Service Attack, Successfully Reverses 13 Blocks

On Friday and Saturday, a chain reorganization of 13 blocks was executed on the Litecoin network, reversing approximately 32 minutes of network activity. The reorganization was the response to a denial-of-service attack that exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, which allowed invalid transactions to pass validation on nodes that had not been updated. Litecoin Core v0.21.5.4 has been released, and all users are advised to upgrade because it contains important security fixes. According to the Litecoin Foundation, the bug has been fully patched and the network is operating normally.

However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack occurred. The consensus vulnerability and a separate denial-of-service vulnerability were both patched and included in release 0.21.5.4 after the attack had begun. The exploit has raised concerns about the window of vulnerability created when some miners run patched code while others still run the vulnerable version, which allows an attacker to target the unpatched nodes.

Blockchain data revealed that the attacker had pre-funded a wallet 38 hours before the exploit and had configured the destination address to swap LTC for ETH on a decentralized exchange. The denial-of-service attack and the MWEB bug were separate components: the DoS was designed to take patched mining nodes offline so that the unpatched ones could form a chain that included the invalid transactions. That the network handled the 13-block reorganization automatically once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack.
The incident highlights the differences in how code maintainers and developers react to exploits on various networks, with newer chains having more centralized validator sets and being able to coordinate upgrades and push patches network-wide more quickly. In contrast, older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools choosing when to upgrade, creating a window of vulnerability when a security patch needs to reach everyone before an attacker exploits the gap.
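To make the fork-choice mechanics described above concrete, here is an added Python model (not code from the Litecoin project or from the article) of a network in which some miners run patched consensus rules and others still run the old ones. It assumes unit work per block, constructed block labels, a 10-block shared history and hypothetical node names, and uses Litecoin's 2.5-minute block target only to convert the reorg depth into minutes. It shows why patched nodes never adopt a chain containing the invalid transactions, why unpatched nodes follow it until a heavier valid chain arrives, and why the depth of the eventual reorganization equals the number of blocks built while patched hashrate was unavailable.

```python
"""Toy model of a partially upgraded proof-of-work network (constructed example).

Patched nodes reject blocks that break the new consensus rule; unpatched
nodes still accept them. Every node follows the heaviest chain it considers
valid, so once enough patched hashrate is back online the chain built by the
unpatched miners is reorganized away. All block hashes and the 10-block shared
history are constructed labels, not real Litecoin data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

LTC_BLOCK_TARGET_MINUTES = 2.5  # Litecoin's target block interval


@dataclass(frozen=True)
class Block:
    hash: str
    parent: Optional[str]
    height: int
    valid_under_patch: bool  # False: contains transactions the patched rule rejects
    work: int = 1            # unit difficulty keeps the arithmetic obvious


GENESIS = Block("genesis", None, 0, True)


class Node:
    """A node that follows the heaviest chain made of blocks it considers valid."""

    def __init__(self, name: str, patched: bool) -> None:
        self.name = name
        self.patched = patched
        self.blocks: Dict[str, Block] = {GENESIS.hash: GENESIS}
        self.tip = GENESIS.hash

    def is_valid(self, block: Block) -> bool:
        # A block whose parent we never accepted is invalid by inheritance.
        if block.parent not in self.blocks:
            return False
        # Unpatched nodes apply the old rule, so they accept everything.
        return block.valid_under_patch or not self.patched

    def chain(self, tip: str) -> List[str]:
        """Block hashes from genesis to `tip`, oldest first."""
        out: List[str] = []
        cur: Optional[str] = tip
        while cur is not None:
            out.append(cur)
            cur = self.blocks[cur].parent
        return out[::-1]

    def cumulative_work(self, tip: str) -> int:
        return sum(self.blocks[h].work for h in self.chain(tip))

    def receive(self, block: Block) -> int:
        """Store a valid block; return how many blocks were orphaned (0 if no reorg)."""
        if block.hash in self.blocks or not self.is_valid(block):
            return 0
        self.blocks[block.hash] = block
        # Strictly more work is required to switch; ties keep the first-seen tip.
        if self.cumulative_work(block.hash) <= self.cumulative_work(self.tip):
            return 0
        old, new = set(self.chain(self.tip)), set(self.chain(block.hash))
        self.tip = block.hash
        return len(old - new)


def mine(parent: Block, count: int, tag: str, valid: bool) -> List[Block]:
    """Produce `count` consecutive blocks on top of `parent` with constructed hashes."""
    out: List[Block] = []
    for _ in range(count):
        parent = Block(f"{tag}{parent.height + 1}", parent.hash, parent.height + 1, valid)
        out.append(parent)
    return out


def simulate(invalid_fork_len: int = 13, honest_fork_len: int = 14) -> dict:
    unpatched = Node("unpatched-pool", patched=False)  # hypothetical names
    patched = Node("patched-pool", patched=True)
    nodes = [unpatched, patched]

    # Shared history that both rule sets accept.
    shared = mine(GENESIS, 10, "s", valid=True)
    for b in shared:
        for n in nodes:
            n.receive(b)
    fork_point = shared[-1]

    # Phase 1: patched miners are offline (the DoS). Unpatched miners build on a
    # block that breaks the new rule; its descendants are invalid by inheritance.
    bad = mine(fork_point, 1, "bad", valid=False)
    bad += mine(bad[-1], invalid_fork_len - 1, "bad", valid=True)
    for b in bad:
        for n in nodes:
            n.receive(b)

    # Phase 2: patched miners return and extend the last block they accepted.
    good = mine(fork_point, honest_fork_len, "good", valid=True)
    reorg_depth = 0
    for b in good:
        reorg_depth = max(reorg_depth, unpatched.receive(b))
        patched.receive(b)

    return {
        "reorg_depth": reorg_depth,
        "minutes_reversed": reorg_depth * LTC_BLOCK_TARGET_MINUTES,
        "unpatched_tip": unpatched.tip,
        "patched_tip": patched.tip,
        "tips_agree": unpatched.tip == patched.tip,
    }


if __name__ == "__main__":
    print(simulate())
```

With the default fork lengths the model reports a reorg depth of 13 blocks and about 32 minutes reversed, matching the incident's figures by construction. With equal fork lengths the two tips never converge, which is the state the network stays in for as long as patched hashrate remains offline; the point for operators is that the reorg depth, and therefore the amount of activity that can be reversed, grows with every block mined while upgraded nodes are unavailable.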