Litecoin suffered a 13-block chain reorganization after attackers exploited a vulnerability in its Mimblewimble Extension Block (MWEB) protocol, rewinding roughly 32 minutes of on-chain activity. The Litecoin Foundation initially described the incident as a zero-day attack, but public GitHub commit history contradicts that framing.
Researchers, including SEAL911's bbsz, found that the core consensus bug was privately patched between March 19 and 26 — about four weeks before the exploit. A separate denial-of-service vulnerability was patched only on the morning of April 25, the day of the attack. Both fixes were bundled into Litecoin Core v0.21.5.4 after the attack had already begun.
The gap between private patching and full network deployment appears to have been the attack vector. Some mining pools ran updated code while others remained on the vulnerable version. Blockchain data…
Frequently asked questions
- What were the consequences of the 13-block reorganization for Litecoin users?
The 13-block reorganization rewound approximately 32 minutes of on-chain activity, potentially affecting transactions and user balances during that time.
- How did the private patching timeline contribute to the exploit?
The gap between the private patching of the core consensus bug and its full deployment allowed some mining pools to remain on the vulnerable version, which facilitated the attack.
CoinDesk