Litecoin Recovers from Denial-of-Service Attack and Block Rewrite

Late Friday and into Saturday, a series of events unfolded on the Litecoin network, starting with a 13-block chain reorganization that effectively rewound about 32 minutes of network activity (consistent with Litecoin's 2.5-minute target block interval). The reorganization was the network's recovery from a denial-of-service attack that targeted major mining pools by exploiting a vulnerability in Litecoin's Mimblewimble Extension Block (MWEB) protocol. The bug allowed invalid MWEB transactions to be accepted, and mined, by nodes that had not been updated, until the longest valid chain overtook the blocks containing them. Following the incident, Litecoin Core released version 0.21.5.4, which includes important security updates, and all users are advised to upgrade. The Litecoin Foundation announced on Sunday that the bug had been fully patched and that the network was operating normally.

However, analysis of the litecoin-project GitHub repository suggests that the consensus vulnerability was known and privately patched between March 19 and 26, roughly four weeks before the attack occurred. This timeline indicates that while the fix was available, it had not been publicly announced or mandated for all mining pools, leaving a window in which patched and unpatched pools ran different validation rules. Prominent researchers have pointed out discrepancies between the Foundation's account and the information visible in the GitHub repository.

The attack combined a denial-of-service vulnerability with an exploit of the MWEB protocol, allowing the attackers to get invalid transactions accepted. Blockchain data revealed that the attacker had pre-funded a wallet 38 hours before the exploit, planning to swap the stolen LTC for ETH on a decentralized exchange. That the network resolved the 13-block reorganization on its own once the DoS stopped suggests that enough hashrate was running updated code to eventually outpace the chain built on the invalid transactions: because the fix only tightens the rules, the chain mined by patched pools is valid under both old and new rules, so unpatched nodes switch to it as soon as it becomes the longest, while patched nodes never accept the chain containing the invalid MWEB transactions. Recovery therefore depends on patched hashrate outgrowing the hashrate extending the invalid chain; the reorganization depth is the number of blocks unpatched nodes had built on top of the invalid transactions before that happened.
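The fork-choice dynamics described above, as an added, stylised simulation that is not Litecoin Core's code and models no real MWEB rule: two pool populations, one running a tightened validity check and one not, an attack window during which unpatched pools include transactions that only the new rule rejects, and a longest-chain rule with first-seen tie-breaking. The block schedule, the hypothetical `invalid_ext_tx` flag and the `attack_blocks` parameter are all constructed for the example.

```python
"""Constructed model of a rule-tightening fix that only some pools run.
Not Litecoin Core's code; the invalid_ext_tx flag stands in for any
transaction the patched rule rejects and the old rule accepts."""

import random
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Block:
    height: int
    parent: Optional["Block"]
    miner: str             # "genesis", "P" (patched pool) or "U" (unpatched pool)
    invalid_ext_tx: bool   # carries an extension-block tx that only the patched rule rejects


def ancestors(tip):
    """Blocks from genesis to tip, inclusive."""
    out = []
    while tip is not None:
        out.append(tip)
        tip = tip.parent
    return out[::-1]


def valid_under(tip, patched):
    """Unpatched nodes run the old check, which misses the bad tx; patched nodes reject the whole chain."""
    return not patched or not any(b.invalid_ext_tx for b in ancestors(tip))


def extends(new, old):
    return any(b is old for b in ancestors(new))


def fork_height(a, b):
    """Height of the last block the two chains share."""
    shared = {id(x) for x in ancestors(a)}
    return next(x.height for x in reversed(ancestors(b)) if id(x) in shared)


def choose_tip(current, tips, patched):
    """Longest valid chain; equal-work blocks, so height is work. Ties keep the current tip (first seen)."""
    best = current
    for t in tips:
        if t.height > best.height and valid_under(t, patched):
            best = t
    return best


def simulate(schedule, attack_blocks):
    """schedule: who finds each successive block, 'P' or 'U'.
    The first `attack_blocks` blocks found by unpatched pools carry the attacker's invalid tx
    (the attack window); once the flood stops their blocks are clean again, but they still
    build on whatever chain their own rules consider longest.
    Returns ({"P": [...], "U": [...]} reorgs as (step, depth) pairs, converged: bool)."""
    genesis = Block(0, None, "genesis", False)
    tips = [genesis]
    view = {"P": genesis, "U": genesis}   # the tip each population currently follows
    reorgs = {"P": [], "U": []}
    invalid_mined = 0
    for step, who in enumerate(schedule, start=1):
        parent = view[who]                # each pool extends the tip its own rules select
        bad = who == "U" and invalid_mined < attack_blocks
        invalid_mined += bad
        block = Block(parent.height + 1, parent, who, bad)
        tips = [t for t in tips if t is not parent] + [block]
        for pop in ("P", "U"):
            new = choose_tip(view[pop], tips, pop == "P")
            if new is not view[pop] and not extends(new, view[pop]):
                # tip moved to a chain that does not build on the old tip: a reorg
                reorgs[pop].append((step, view[pop].height - fork_height(view[pop], new)))
            view[pop] = new
    return reorgs, view["P"] is view["U"]


def random_schedule(patched_share, n, seed=1):
    """Block finders drawn by hashrate share; seeded so runs are reproducible."""
    rng = random.Random(seed)
    return "".join("P" if rng.random() < patched_share else "U" for _ in range(n))


if __name__ == "__main__":
    # Hand-built schedule: three invalid blocks, then patched pools overtake, then a clean U block.
    print(simulate("UUU" + "PPPP" + "U", attack_blocks=3))
    for share in (0.7, 0.3):
        reorgs, converged = simulate(random_schedule(share, 2000, seed=7), 13)
        print(f"patched share {share}: converged={converged}, "
              f"unpatched reorgs={len(reorgs['U'])}, deepest={max((d for _, d in reorgs['U']), default=0)}")
```

In the hand-built schedule the unpatched population abandons its three invalid blocks at step 7, when the patched chain first becomes strictly longer, and the patched population never reorganizes at all: the only competing chain is invalid to it, so it keeps extending its own. With a majority of hashrate unpatched, the invalid chain stays ahead and the two populations never converge, which is the window the article describes.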
This incident highlights the differences in how networks respond to exploits: newer chains often coordinate upgrades quickly through small, centrally coordinated validator sets, while older proof-of-work networks like Litecoin rely on independent mining pools choosing to upgrade, which leaves a window of vulnerability until enough hashrate is running the corrected rules.