Litecoin Recovers from Denial-of-Service Attack by Rewriting 13 Blocks

Late Friday and Saturday, the Litecoin network experienced a significant disruption when attackers exploited a vulnerability in its Mimblewimble Extension Block protocol, leading to a 13-block chain reorganization that rewound approximately 32 minutes of network activity. The attack, which utilized a denial-of-service strategy, enabled invalid transactions to bypass nodes that had not been updated, before the network's longest valid chain rectified the issue. Following the incident, Litecoin Core v0.21.5.4 was released, containing crucial security updates, and all users were advised to upgrade. According to the Litecoin Foundation, the bug was fully patched, and the network resumed normal operations by Sunday morning.

However, security researchers have raised concerns regarding the timeline of events, pointing out that the vulnerability was privately patched between March 19 and 26, roughly four weeks before the attack. This has sparked debate about the effectiveness of the network's response to security threats, particularly in comparison to newer blockchain networks.

The attack has also highlighted the challenges faced by older proof-of-work networks, such as Litecoin and Bitcoin, in coordinating upgrades and patches across independent mining pools. As the situation continues to unfold, the Litecoin Foundation has yet to publicly address the GitHub timeline, and the extent of the damage caused by the exploit remains undisclosed.