Litecoin erases 14 blocks after MWEB zero-day exploit

Litecoin reverted blocks 3,095,930–3,095,943 after a zero-day in its MWEB privacy layer allowed crafted peg-outs that enabled cross-chain double-spends.

On Saturday the Litecoin network underwent a deep chain reorganization that removed blocks 3,095,930–3,095,943 after a zero-day in its MimbleWimble Extension Block (MWEB) privacy layer allowed invalid peg-outs and cross-chain double-spends.

The Litecoin Foundation posted on X that the bug let mining nodes running older software accept an invalid MWEB transaction. Crafted peg-outs moved LTC from the confidential MWEB sidechain back to the main chain and were routed to third-party decentralized exchanges. Major mining pools experienced a denial-of-service condition linked to the same flaw. Aurora Labs CEO Alex Shevchenko described the incident on X as a “coordinated attack,” writing that the fork ran from block 3,095,930 to 3,095,943 and took more than three hours while attackers executed double-spend operations against multiple cross-chain swap protocols.

The Foundation said the offending transactions were erased from the blockchain and that valid transactions from the same period remain intact. The organization reported the vulnerability has been fully patched but did not identify the affected mining pools or disclose how much LTC the invalid peg-outs produced. Some trading venues have reported losses tied to the incident.

Shevchenko wrote that “The exposure for NEAR Intents is around $600k” and urged venues handling Litecoin to audit transactions and holdings, adding that observers saw multiple double-spend transactions.

MWEB, activated on Litecoin by soft fork in May 2022, lets users move LTC from the transparent base chain into a confidential sidechain through peg-in and peg-out transactions. The MWEB extension validates coin conservation between the two layers on each block. A bug that produces a valid-looking but unauthorized peg-out allows an attacker to introduce LTC onto the main chain until honest nodes reject the offending block, which can trigger a reorganization.

The Foundation confirmed the blockchain state was corrected by removing the orphaned blocks. The organization did not immediately answer further requests for comment.
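The audit Shevchenko urges amounts to reconciling credited deposits against the chain as it stands after the reorganization. The following is an added example, not code from the article or the Litecoin project; the ledger record, hashes and txids are constructed placeholders, and amounts are assumed to be integers in 1e-8 LTC units.

```python
from dataclasses import dataclass

# Heights the article reports as removed by the reorganization.
REORG_START, REORG_END = 3_095_930, 3_095_943

@dataclass(frozen=True)
class Deposit:              # hypothetical venue ledger record (assumption)
    txid: str
    height: int             # height at which the venue saw it confirm
    block_hash: str         # hash of that block, recorded at credit time
    amount: int             # integer base units (1e-8 LTC)

def audit_deposits(deposits, active_chain, active_txids):
    """Classify credited deposits against the current best chain.

    active_chain: {height: block_hash}; active_txids: txids confirmed on it.
    Returns ({txid: status}, total amount credited but no longer on chain).
    """
    report, exposure = {}, 0
    for d in deposits:
        if not REORG_START <= d.height <= REORG_END:
            status = "outside_window"
        elif active_chain.get(d.height) == d.block_hash:
            status = "block_retained"      # credited from the replacement block
        elif d.txid in active_txids:
            status = "reconfirmed"         # old block orphaned, tx still valid
        else:
            status = "reversed"            # credit has no on-chain backing now
            exposure += d.amount
        report[d.txid] = status
    return report, exposure

# Constructed sample data: placeholder hashes and txids, not real chain values.
ACTIVE_CHAIN = {h: f"new-{h}" for h in range(REORG_START, REORG_END + 1)}
ACTIVE_TXIDS = {"tx-b", "tx-c"}
DEPOSITS = [
    Deposit("tx-a", 3_095_931, "old-3095931", 250_000_000),   # gone after reorg
    Deposit("tx-b", 3_095_935, "old-3095935", 40_000_000),    # re-mined later
    Deposit("tx-c", 3_095_940, "new-3095940", 10_000_000),    # seen after the reorg
    Deposit("tx-d", 3_095_900, "hash-3095900", 5_000_000),    # before the window
]

if __name__ == "__main__":
    report, exposure = audit_deposits(DEPOSITS, ACTIVE_CHAIN, ACTIVE_TXIDS)
    for txid, status in report.items():
        print(txid, status)
    print("exposure (LTC):", exposure / 100_000_000)
```

In practice the active chain map and txid set would come from the venue's own fully synced, patched node rather than a third-party explorer.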
