Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

Late Friday and Saturday, a chain reorganization of 13 blocks on the Litecoin network rewound approximately 32 minutes of activity. Attackers had exploited a vulnerability in the Mimblewimble Extension Block protocol, which enabled a denial-of-service attack against major mining pools and allowed invalid transactions to temporarily bypass updated nodes before the network's longest valid chain corrected them.

Litecoin Core v0.21.5.4 has been released, and all users are advised to upgrade because it contains important security updates. According to the Litecoin Foundation, the bug has been fully patched and the network is now operating as normal.

However, security researchers have raised concerns based on the timeline of patches pulled from the public commit log on the litecoin-project GitHub repository. It appears the consensus vulnerability was known and patched a month prior to the attack, yet the fix was not publicly announced or mandated for all mining pools, creating a window of vulnerability.

This incident highlights the differences in how various networks respond to exploits: newer chains are capable of rapid coordination and patch deployment, while older proof-of-work networks like Litecoin face challenges due to the independence of mining pools and the time required for security patches to reach all users.