Litecoin experienced a significant chain reorganization on Saturday after attackers took advantage of a zero-day vulnerability linked to its MimbleWimble Extension Block (MWEB) privacy feature, according to the Litecoin Foundation.
Summary
The network rolled back 13 blocks following the exploit of a flaw in its MWEB privacy layer.
Attackers attempted double-spend transactions during the fork window, targeting cross-chain swap protocols.
The Litecoin Foundation confirmed the issue has now been fixed, though some platforms reported financial losses.
The vulnerability allowed outdated mining nodes to validate an invalid MWEB transaction, triggering a network fork that persisted for over three hours before consensus was restored.
Invalid Transactions Removed
The disruption impacted blocks 3,095,930 through 3,095,943, as noted by Alex Shevchenko. He characterized the incident as a coordinated attack in a post on X.
As a result, the 13-block reorganization wiped out the invalid transactions from the main chain history. According to the Foundation, legitimate transactions processed during that time were preserved.
During the fork, attackers exploited the temporary inconsistency to attempt double-spends against cross-chain swap systems. These platforms had processed MWEB peg-out transactions that were later invalidated once the network reorganized.
Shevchenko estimated the exposure for NEAR Intents at around $600,000 and advised trading platforms to audit Litecoin-related balances, citing multiple observed double-spend attempts.
Bug Patched, Investigation Ongoing
The Litecoin Foundation confirmed the zero-day flaw has been fully addressed. However, it did not disclose which mining pools were affected or the total value involved in the invalid transactions.
This marks the first major exploit involving MWEB since the privacy feature was introduced in 2022. Following the news, Litecoin traded near $56, reflecting a modest decline of about 1% on the day.
