Litecoin suffers 13‑block reorg
- Litecoin said on April 25 that attackers exploited an MWEB bug, hit major mining pools with denial-of-service traffic, and forced a 13-block reorganization. - The invalid fork lasted 13 blocks on April 25; Litecoin said valid transactions remained safe, while NEAR Intents initially disclosed about $600,000 exposure. - The dispute now centers on whether “zero-day” fits a bug tied to older code and patch timing. (coindesk.com)
Litecoin said attackers exploited a bug in its MimbleWimble Extension Blocks privacy layer on April 25, forcing a 13-block chain reorganization. (news.bitcoin.com) MimbleWimble Extension Blocks, or MWEB, is Litecoin’s optional privacy layer. Litecoin Core 0.21.2 added full node, wallet, and mining support for MWEB in May 2022. (blog.litecoin.org) Litecoin said some mining nodes running outdated software accepted an invalid MWEB transaction. The project said that bug also triggered a denial-of-service attack that disrupted major mining pools. (news.bitcoin.com) A chain reorganization is a rewrite of recent blocks when the network decides one branch is invalid and another branch is the real ledger. Litecoin said the 13-block reorg removed the bad transactions before they could settle on the main chain. (news.bitcoin.com) The immediate risk was not ordinary Litecoin payments alone. Litecoin said the invalid MWEB transaction let coins be pegged out to third-party decentralized exchange platforms, and NEAR Intents initially reported roughly $600,000 in exposure. (news.bitcoin.com) (www.kucoin.com) Litecoin said all valid transactions from that period are unaffected and that the bug is fully patched. The project said the network was operating normally again by the afternoon of April 25. (news.bitcoin.com) The argument now is over disclosure, not the reorg itself. Litecoin described the flaw as a zero-day, while CoinDesk reported GitHub commit history suggests developers had touched related code before the attack. (coindesk.com) (github.com) That matters because Litecoin’s latest listed release on GitHub is v0.21.4 from November 7, 2024, and the project’s 2022 MWEB release notes warned that downgrading to older versions was unsafe after activation. (github.com) (blog.litecoin.org) The episode also put a spotlight on cross-chain systems that treat recent Litecoin transactions as final. NEAR Intents describes itself as a multichain execution system, and those designs can inherit risk when an underlying chain rewinds blocks. (www.near.org 1) (www.near.org 2) For Litecoin, the chain is back to normal. The harder question left by April 25 is how many miners and services were still trusting software old enough to accept the bad branch. (news.bitcoin.com) (blog.litecoin.org)
