Litecoin's network experienced a 13-block chain reorganization, undoing approximately 32 minutes of activity. Attackers exploited a vulnerability in the Mimblewimble Extension Block (MWEB) protocol, enabling denial-of-service attacks against mining pools and allowing invalid MWEB transactions.
The Litecoin Foundation stated the bug was fully patched and the network is stable. However, security researchers point to the litecoin-project GitHub repository, revealing the consensus vulnerability was privately patched between March 19 and March 26, over four weeks before the attack.
A separate denial-of-service vulnerability was patched on April 25. Both fixes were included in release 0.21.5.4 on the afternoon of the attack.
A zero-day vulnerability is typically unknown to defenders at the time of an attack. Litecoin's commit history indicates the consensus vulnerability was known and privately addressed a month prior, but the fix was not publicly disseminated or mandated for all mining pools. This created a disparity where some miners used patched code while others ran the vulnerable version.
Blockchain data shows the attacker pre-funded a wallet 38 hours before the exploit. The DoS attack and the MWEB bug appear to be separate components, with the DoS aimed at disabling patched mining nodes so unpatched nodes could establish the chain with invalid transactions.
The network's automatic correction of the 13-block reorganization suggests sufficient hashrate was running updated code to eventually overcome the attack. This incident highlights differences in how code maintainers and developers respond to exploits across various blockchain networks, particularly the challenge for older proof-of-work networks like Litecoin in mandating timely upgrades among independent mining pools.