Litecoin Network Recovers from Denial-of-Service Attack and 13-Block Chain Reorganization

A significant disruption occurred on the Litecoin network over the weekend, involving a denial-of-service attack that took advantage of a vulnerability in the Mimblewimble Extension Block protocol, resulting in a 13-block chain reorganization that rewound approximately 32 minutes of network activity. The attack allowed invalid transactions to be processed by nodes that had not been updated, before the network's longest valid chain corrected them. Following the incident, Litecoin Core v0.21.5.4 was released, containing crucial security updates, and all users are advised to upgrade. According to the Litecoin Foundation, the bug has been fully patched, and the network is now operating normally. However, security researchers have pointed out discrepancies in the timeline of events, suggesting that the vulnerability was known and privately patched a month prior to the attack, but the fix had not been publicly disclosed or mandated for all mining pools. This created a window of opportunity for the attackers, who appeared to be aware of which nodes were running the patched code and which were still vulnerable. The attack has raised concerns about the security of the Litecoin network and the potential for similar exploits in the future. Blockchain data revealed that the attacker had pre-funded a wallet 38 hours before the exploit, with the destination address configured to swap LTC for ETH on a decentralized exchange. The denial-of-service attack and the MWEB bug were separate components, designed to take patched mining nodes offline and allow unpatched nodes to form a chain that included invalid transactions. The fact that the network automatically handled the 13-block reorganization once the DoS stopped suggests that enough hashrate was running updated code to eventually overpower the attack. The incident highlights the differences in how various networks respond to exploits, with newer chains having more centralized validator sets and being able to coordinate upgrades quickly, while older proof-of-work networks like Litecoin rely on independent mining pools to choose when to upgrade, creating a window of vulnerability.