Litecoin Reorg Rewinds 32 Min After 13-Block MWEB Exploit, $600K at Risk

The Litecoin network’s security incident highlights vulnerabilities in cryptocurrency privacy layers

A rare 13-block chain reorganization occurred due to exploitation of a logical vulnerability

The attack underscores the importance of upgrading and patching nodes to prevent similar incidents

The Litecoin network went through a significant security incident on Friday, April 25, when attackers exploited a vulnerability in the MWEB (MimbleWimble Extension Blocks) privacy layer, triggering a rare 13-block chain reorganization. The reorg effectively rewound around 32 minutes of network activity, and the fork stretched from block 3,095,930 to block 3,095,943, taking more than three hours to fully produce.

Initially, on-chain monitoring tools flagged the anomaly as a potential 51% attack, but the Litecoin Foundation clarified in a post on X that the root cause was a logical vulnerability within the MWEB protocol itself, not an external hashpower hijack.

The official blog post from the team confirmed that the main vulnerability (commit 1dcbf3f) allowed the MWEB kernel sum to become unbalanced. This directly compromised the integrity of MWEB’s input and output accounting. In simpler terms, the bug let attackers unlock coins from the MWEB privacy layer and peg them out to third-party decentralized exchanges without proper authorization.

Litecoin developer Loshan stated in the official release notes that the update includes important security fixes and that all node operators and wallet users should upgrade as soon as possible.

How the attack played out

The exploit was not a single-step operation. According to analysis from Alex Shevchenko, CTO of NEAR Foundation’s Aurora project, the attacker combined two separate vulnerabilities to pull this off.

The first was the consensus bug in MWEB that allowed invalid peg-out transactions to be created. The second was a denial-of-service (DoS) vulnerability that could knock updated mining nodes offline. By hitting the patched miners with the DoS attack, the attacker forced the network to temporarily rely on nodes that had not installed the fix. 

Those unpatched nodes accepted the invalid MWEB transaction as legitimate, and the attacker routed the coins to decentralized exchanges.

Blockchain data showed that the attacker had pre-funded a wallet through a Binance withdrawal roughly 38 hours before the exploit went live. The destination address was already configured to swap LTC into ETH on a decentralized exchange. This level of preparation suggests the attack was carefully planned, not opportunistic.

Once the DoS attack subsided, mining pools running the updated code regained the majority of the hashrate, and the network automatically reorganized back to the valid chain, wiping out the invalid transactions. The Litecoin Foundation confirmed that all legitimate transactions during that window remained unaffected.

NEAR Intents reports $600,000 in exposure

The fallout was not limited to the Litecoin chain. Shevchenko publicly stated on X that cross-chain bridge NEAR Intents faced approximately $600,000 in exposure from the incident. During the fork window, attackers had performed double-spend attacks against multiple cross-chain swapping protocols that had accepted the now-orphaned MWEB peg-outs.

NEAR Intents has pledged to compensate affected users and has temporarily suspended its LTC services until network stability is fully confirmed. With the invalid transactions now reversed on Litecoin’s main chain, the actual settled losses may end up being lower than the initial exposure figure, but the final numbers have not been disclosed yet.

What v0.21.5.4 patches

The Litecoin Core v0.21.5.4 release, announced on X, rolled out on the afternoon of April 25, after the attack had already begun. It bundles several fixes beyond the main consensus vulnerability.

The update adds dual verification of input commitment and public key for MWEB inputs (commit e7cbf1d), providing an additional layer of defense. It also fixes a kernel fee integer overflow issue during MWEB transaction verification (42e7071), clears block data of mutated blocks to prevent miner DoS conditions (742ee94), and ensures miners no longer include MWEB transactions when the sum of input/output commitments equals zero (f423a84).
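To make the accounting that these fixes protect concrete, here is an added toy verifier written for this article; it is not Litecoin or MWEB code. It models the MimbleWimble kernel-sum rule (outputs minus inputs, plus the declared fee and peg-out amounts and minus peg-ins, must equal the sum of kernel excesses), bounds-checks fee and peg amounts before they reach that equation, and refuses a transaction whose input/output commitment sum is the zero element, in the spirit of the fee-overflow and zero-sum fixes listed above. Assumptions: a prime-order additive integer group with constructed generators G and H stands in for secp256k1 (so the toy is neither hiding nor binding and only shows the arithmetic), range proofs and kernel signatures are omitted, the 84,000,000 LTC supply cap is used as the value bound, and the blinding factors and amounts in build_example are constructed sample data.

```python
"""Toy MimbleWimble-style balance verifier (added illustration, not MWEB code).

Real MWEB commits to values as secp256k1 points, C = v*H + r*G. Here the
"curve" is the additive group of integers mod a constructed prime Q, so the
homomorphic arithmetic reads the same but the commitments are NOT hiding or
binding. Range proofs and kernel signatures, which real MWEB also requires,
are left out; only the kernel-sum accounting is shown.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

Q = 2**61 - 1                      # constructed prime "group order"
G = 0x1234567890ABCDEF % Q         # constructed generator for blinding factors
H = 0x0FEDCBA987654321 % Q         # constructed generator for values
LITOSHI = 10**8                    # 1 LTC = 1e8 litoshis
MAX_MONEY = 84_000_000 * LITOSHI   # supply cap used as the bound for amount checks


def commit(value: int, blind: int) -> int:
    """Pedersen-style commitment C = value*H + blind*G (mod Q)."""
    return (value * H + blind * G) % Q


@dataclass
class Kernel:
    """An MWEB-like kernel: a public excess plus the plaintext amounts it declares."""
    excess: int          # commitment to zero: (sum of output blinds - sum of input blinds)*G
    fee: int = 0         # fee paid to the miner
    pegin: int = 0       # value entering MWEB from the main chain
    pegout: int = 0      # value leaving MWEB back to the main chain


@dataclass
class Tx:
    inputs: List[int] = field(default_factory=list)    # commitments being spent
    outputs: List[int] = field(default_factory=list)   # commitments being created
    kernels: List[Kernel] = field(default_factory=list)


def checked_amount_sum(amounts: List[int]) -> int:
    """Sum declared amounts with explicit bounds rather than trusting the arithmetic.

    Python ints never wrap, but a fixed-width integer would; checking the bound
    here keeps an absurd fee or peg amount from ever reaching the balance equation.
    """
    total = 0
    for a in amounts:
        if not 0 <= a <= MAX_MONEY:
            raise ValueError(f"amount {a} out of range")
        total += a
        if total > MAX_MONEY:
            raise ValueError("amount sum exceeds MAX_MONEY")
    return total


def verify_tx(tx: Tx) -> Tuple[bool, str]:
    """Kernel-sum check: outputs - inputs + (fee + pegout - pegin)*H == sum of excesses."""
    if not tx.kernels:
        return False, "no kernel"
    try:
        fee = checked_amount_sum([k.fee for k in tx.kernels])
        pegin = checked_amount_sum([k.pegin for k in tx.kernels])
        pegout = checked_amount_sum([k.pegout for k in tx.kernels])
    except ValueError as e:
        return False, f"bad amount: {e}"

    commit_delta = (sum(tx.outputs) - sum(tx.inputs)) % Q
    if commit_delta == 0:
        # Degenerate transaction with no net commitment change: refuse to include it.
        return False, "input/output commitment sum is zero"
    # Plaintext amounts are folded in on the value generator H only; if the
    # declared peg-out is not covered by the inputs, this side will not match.
    lhs = (commit_delta + (fee + pegout - pegin) * H) % Q
    rhs = sum(k.excess for k in tx.kernels) % Q
    if lhs != rhs:
        return False, "kernel sum unbalanced"
    return True, "ok"


def build_example(pegout: int) -> Tx:
    """Constructed sample: spend 5 LTC + 3 LTC, create 7.9 LTC, pay 0.001 LTC fee, peg out `pegout`."""
    r_in1, r_in2, r_out = 11, 22, 33   # constructed blinding factors
    tx = Tx(
        inputs=[commit(5 * LITOSHI, r_in1), commit(3 * LITOSHI, r_in2)],
        outputs=[commit(790_000_000, r_out)],
    )
    excess_blind = (r_out - r_in1 - r_in2) % Q
    tx.kernels.append(Kernel(excess=commit(0, excess_blind), fee=100_000, pegout=pegout))
    return tx


if __name__ == "__main__":
    print(verify_tx(build_example(pegout=9_900_000)))      # balanced: (True, 'ok')
    print(verify_tx(build_example(pegout=100 * LITOSHI)))  # peg-out not covered by inputs
    print(verify_tx(Tx(kernels=[Kernel(excess=0)])))       # zero commitment sum
```

The honest transaction balances because 7.9 + 0.001 + 0.099 equals the 8 LTC spent, so every value term cancels on H and only the blinding terms on G remain, which is exactly what the kernel excess commits to. Raising the peg-out to 100 LTC without matching inputs leaves a non-zero value term on H, and the verifier rejects it; a node that skips or mis-computes this sum is the kind of node that would accept an unauthorized peg-out.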

On the stability side, the release addresses data corruption issues during PMMR rewind (23e5eac), improves MMR file write durability, adds MWEB view keys to the dumpwallet output, and fixes a Boost >= 1.78 compatibility problem.

The timeline that has researchers concerned

Here is where the story gets uncomfortable for the Litecoin team. Security researcher bbsz, who works with the SEAL911 emergency response group for crypto exploits, pulled the patch timeline from the public GitHub commit log and posted it on X.

According to the commit history, the consensus vulnerability that allowed the invalid MWEB peg-out was privately discovered and patched between March 19 and March 26. That is roughly 37 days before the April 25 attack. The separate DoS vulnerability, on the other hand, was patched on the morning of April 25. Both fixes were then bundled into the v0.21.5.4 release the same afternoon.

The key problem? The consensus fix had been sitting in the codebase for a month, but it was never broadcast publicly or made a mandatory upgrade for mining pools. That created a split where some miners ran the patched code while others stayed on the vulnerable version. The attackers appear to have known exactly which pools had updated and which had not.

bbsz put it bluntly, writing that the post-mortem describes one zero-day causing a DoS that lets an invalid MWEB transaction slip through, but the git log paints a different picture. A zero-day, by definition, is a vulnerability that defenders are unaware of at the time of attack. The GitHub history suggests the Litecoin team knew about the consensus bug and fixed it privately weeks in advance. The fix just never reached the broader network in time.

The Litecoin Foundation has not publicly addressed the GitHub timeline as of Sunday morning.

The bigger problem for Proof-of-Work networks

This incident highlights a fundamental tension in proof-of-work networks like Litecoin and Bitcoin. Unlike newer chains with smaller, more centralized validator sets that can coordinate upgrades through private chat groups and push patches network-wide within hours, PoW networks rely on independent mining pools choosing when and whether to upgrade.

That decentralized upgrade model works well enough for non-urgent changes. But when a critical security patch needs to reach every participant before an attacker exploits the gap, the lack of a mandatory update mechanism becomes a real vulnerability. In Litecoin’s case, the patch existed for a month. The miners just did not update.

The fact that the network self-corrected through the 13-block reorg once the DoS stopped shows that enough hashrate was running the updated code to eventually overpower the attack. But it also means the unpatched fork ran for 32 minutes, and during that window, real value was extracted through double-spend attacks on cross-chain protocols.

MWEB’s broader context

MWEB has been live on the Litecoin mainnet since May 2022, when it was activated through a soft fork. It operates as a parallel extension to the main blockchain, allowing users to peg in their LTC to a confidential state where transaction amounts and participants are hidden, and peg out when they want to return to the transparent main chain. Since its launch, MWEB has achieved a node support rate of over 90%, with a total balance of around 260,000 LTC locked in the extension layer.

This is the first known major exploit targeting MWEB since its activation. The vulnerability involved the protocol-level accounting logic, which means its impact was not limited to specific wallets. All nodes running older versions were at risk. The community has been actively discussing the incident on the r/litecoin subreddit, with many users initially questioning whether this was a full-blown attack or a protocol-level bug that was exploited.

Where things stand now

The Litecoin Foundation said in Asian morning hours on Sunday that the bug is fully patched and the network is operating normally. LTC is currently trading at approximately $56.26, down about 1% on the day, with no sharp market reaction to the disclosure. The token is down roughly 25% year-to-date.

The broader ecosystem backdrop for Litecoin remains positive despite this incident. In March, the SEC-CFTC joint interpretive framework officially classified LTC as a “digital commodity,” placing it among 16 crypto assets that are explicitly not securities under federal law. The Canary Litecoin ETF (LTCC) has been trading on NASDAQ, and the LitecoinVM (LitVM) zero-knowledge rollup testnet went live in early April, recording nearly 100,000 transactions in its first 24 hours.

But the security incident has put a spotlight on how the Litecoin team handles vulnerability disclosure and miner coordination. The development team responded quickly once the attack was underway. The deeper question is why a month-old patch did not reach the wider network before someone exploited the gap.

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.