A 13-block chain reorganization on the Litecoin network over the past weekend rewound approximately 32 minutes of network activity, according to a report by CoinDesk.
The exploit targeted a vulnerability within the Mimblewimble Extension Block (MWEB) protocol. Attackers used the bug to launch denial-of-service attacks against major mining pools, allowing invalid MWEB transactions to pass through nodes that had not yet updated their software.
While the Litecoin Foundation stated on Sunday that the bug was fully patched and the network is operating normally, public records suggest the vulnerability was not unknown to developers.
Security researcher bbsz, part of the SEAL911 emergency response group, identified a discrepancy between the Foundation's post-mortem and the Litecoin-project GitHub repository. The commit history shows the core consensus vulnerability was privately patched between March 19 and March 26, more than four weeks prior to the exploit.
Discrepancy in patch timeline
According to the GitHub logs, a second denial-of-service vulnerability was patched on the morning of April 25. Both fixes were integrated into release 0.21.5.4 on the same afternoon the attack began.
This timeline indicates a period during which the vulnerability was known to developers but the fix was not yet deployed across all mining pools. This gap allowed attackers to target nodes running outdated, vulnerable code.
"The post-mortem says one zero-day caused a DoS that let an invalid MWEB transaction slip through," bbsz wrote, noting that the git log tells a different story.
By definition, a zero-day vulnerability is one that is unknown to the defenders at the time of the attack. The public commit history suggests the Litecoin developers had already addressed the consensus bug weeks earlier.
CoinDesk reported that the Litecoin network eventually reorganized back to the valid chain once the denial-of-service attacks on patched miners ceased. However, the Foundation has not yet disclosed the specific timeline of the patch deployment or the total amount of LTC affected during the window of invalid blocks.