Litecoin Faces 13-Block Reorganization Due to Zero-Day Vulnerability Exploitation
Severity: High (Score: 69.8)
Sources: En.Bloomingbit, Mexc.Co, Mexc, Kucoin, Cryptonews
Summary
On April 25, 2026, Litecoin experienced a significant 13-block chain reorganization after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) protocol. The vulnerability allowed outdated mining nodes to validate invalid MWEB transactions, enabling attackers to peg out coins to third-party decentralized exchanges. This incident resulted in a denial-of-service (DoS) attack that disrupted major mining pools. The Litecoin Foundation confirmed that all invalid transactions during the exploit were reversed and that valid transactions remained unaffected. The vulnerability was patched with the release of Litecoin Core v0.21.5.4 on the same day as the attack began. Security researchers have raised concerns that the consensus vulnerability had been privately patched weeks before the attack, suggesting a lapse in communication about the necessary updates. The incident highlights vulnerabilities in proof-of-work networks where miners may run outdated software. The network is currently operating normally after the patch. Key Points: • A zero-day vulnerability in Litecoin's MWEB protocol led to a 13-block reorganization. • Attackers exploited outdated mining nodes to validate fraudulent transactions. • The vulnerability has been patched, and the network is operating normally.
Key Entities
- 51% Attack (attack_type)
- Data Breach (attack_type)
- DDoS (attack_type)
- Denial-of-Service (attack_type)
- Denial of Service (attack_type)
- Aurora Labs (company)
- Grin (company)
- Litecoin (company)
- Litecoin Foundation (company)
- NEAR Foundation (company)
- Monero (tool)
- Cwe-190 - Integer Overflow Or Wraparound (cwe)
- e-cash.org (domain)
- T1499 - Endpoint Denial of Service (mitre_attack)
- Litecoin Core (platform)
- Mimblewimble Extension Block (mweb) Protocol (platform)
- MWEB (platform)
- MWEB Protocol (platform)