Litecoin Faces Chain Reorganization Due to Zero-Day Vulnerability

Severity: Medium (Score: 51.9)

Sources: U.Today, Bitget, Mexc.Co, Cryptonews

Summary

On April 26, 2024, Litecoin experienced a significant chain reorganization due to a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy feature. This incident led to a 13-block reorganization and a loss of approximately $600,000 in the NEAR Intents protocol. The vulnerability was exploited through a DDoS attack on honest miners, which forced nodes to accept an invalid version of the blockchain. Although initially perceived as a 51% attack, Litecoin developers clarified that it stemmed from a zero-day bug rather than a traditional hostile takeover. The Litecoin team has since patched the vulnerability and restored normal operations. The event has sparked discussions on the security models of proof-of-work versus the XRP Ledger's consensus algorithm, with XRP proponents arguing that their system is immune to such attacks. The incident serves as a reminder of the ongoing security challenges in the cryptocurrency space. Key Points: • Litecoin suffered a 13-block chain reorganization due to a zero-day vulnerability. • The attack exploited a DDoS method against honest miners, leading to significant financial losses. • The incident has reignited debates on the security of proof-of-work systems compared to XRP's consensus model.

Key Entities

• DDoS (attack_type)
• Zero-day Exploit (attack_type)
• Litecoin (company)
• NEAR Intents Protocol (company)
• Iran (country)
• T1499 - Endpoint Denial of Service (mitre_attack)
• Bitcoin (platform)
• MWEB (platform)
• NEAR Protocol (platform)
• XRP Ledger (platform)