Over the weekend, Litecoin experienced a significant security breach that resulted in a 13-block chain reorganization, effectively reversing approximately 32 minutes of network activity. This incident was attributed to a vulnerability within its Mimblewimble Extension Block (MWEB) protocol, which allowed attackers to exploit the network before a patch was fully implemented.
The Litecoin Foundation characterized the exploit as a zero-day vulnerability, meaning it was unknown to developers at the time of the attack. However, security researchers have questioned the timeline of the vulnerability and the subsequent patching process.
According to the litecoin-project GitHub repository, the consensus vulnerability was privately addressed between March 19 and March 26, approximately four weeks prior to the exploit. A separate denial-of-service vulnerability was patched on April 25, just hours before the attack commenced.
Now that stuff has been made public on the Litecoin GitHub, we have a better sense of timeline and what happened. In the age of Mythos, this timeline simply doesn’t fly.
Security researcher bbsz, affiliated with the SEAL911 emergency response group for cryptocurrency exploits, emphasized that the GitHub commit history reveals a discrepancy between the reported timeline and the actual events. The patch for the consensus vulnerability had not been widely communicated, allowing some miners to operate on outdated, vulnerable versions of the software.
This situation created an opportunity for attackers, who appeared to have knowledge of which mining nodes had updated their software and which had not. Alex Shevchenko, CTO of the NEAR Foundation’s Aurora project, noted that the attackers had pre-funded a wallet 38 hours before the exploit, indicating premeditated planning.
The attack involved a denial-of-service component designed to disrupt patched mining nodes, allowing unpatched nodes to create a chain that included invalid transactions. The Litecoin network eventually managed to correct the invalid blocks, suggesting that sufficient hashrate was operating on the updated code, but not before the unpatched fork had persisted for 32 minutes.
This incident highlights how differently blockchain networks respond to security breaches. While newer chains with smaller validator sets can implement updates quickly, older proof-of-work networks like Litecoin and Bitcoin rely on independent mining pools to decide when to upgrade. This decentralized upgrade process can leave part of the hashrate running vulnerable software when a security fix is urgent.
As of Sunday morning, the Litecoin Foundation had not publicly addressed the discrepancies in the GitHub timeline. The total amount of LTC involved in the exploit and the value of any swaps executed before the network’s reorganization remain undisclosed.
