Litecoin's MimbleWimble Extension Block (MWEB) contained a zero-day vulnerability that allowed attackers to push an invalid transaction through non-updated nodes, enabling unauthorized fund peg-outs and a denial-of-service attack on mining pools.
To contain the damage, the Litecoin network executed a 13-block reorganization, rolling back the invalid transactions. Valid transactions were not affected by the reorg.
The vulnerability has since been fully patched and the network is reported to be operating normally. The incident underscores the risks that arise when a subset of nodes runs outdated software during protocol upgrades.
Original content
Litecoin Reorg Reverses Invalid MWEB Transactions After Zero-Day Exploit
Litecoin said a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) allowed non-updated nodes to validate an invalid transaction, enabling attackers to peg out funds and trigger a DoS attack on mining pools. The network executed a 13-block reorganization to reverse the invalid transactions, while valid transactions remained unaffected. The vulnerability has since been fully patched and the network is operating normally.
https://t.co/5pLVF5x4qs
TheBlock
Lookonchain
CoinDesk