Back
Litecoin Says Zero-Day Bug Triggered DoS Attack and 13-Block Reorganization

Litecoin Says Zero-Day Bug Triggered DoS Attack and 13-Block Reorganization

According to Litecoin, a zero-day MWEB consensus flaw on unpatched mining nodes caused a DoS attack and invalid transactions; the Litecoin Foundation called it a zero-day, though GitHub shows a private patch existed weeks earlier.

LTC

Fact Check
The claim is strongly supported by Litecoin’s own statement in x post 2048135554445832542, which explicitly says a zero-day vulnerability caused a DoS attack, that non-updated mining nodes accepted an invalid MWEB transaction, and that a 13-block reorganization reversed the invalid transactions. The Odaily report, 莱特币披露零日漏洞引发 DoS 攻击及异常 MWEB 交易,区块重组后修复, independently summarizes the same facts and points back to Litecoin’s statement. The only notable nuance is wording: the official post says non-updated mining nodes accepted an invalid MWEB transaction and mentions unauthorized peg-outs, while the user claim says 'invalid MWEB transactions' plural and 'normal network operations resumed.' The main substance matches, and Odaily additionally states the vulnerability was fixed, supporting the resumed-operations framing.
    Reference1
Summary

Litecoin said a zero-day bug in its MimbleWimble Extension Block (MWEB) module affected unpatched mining nodes, causing a denial-of-service attack that disrupted major mining pools, enabled invalid MWEB transactions, and led to a 13-block chain reorganization that reversed the activity. Litecoin said valid transactions were unaffected, a patch has been released, and normal operations resumed. The Litecoin Foundation described the incident as a zero-day exploit, but the litecoin-project GitHub repository indicates the related consensus vulnerability was privately patched between March 19 and March 26, more than four weeks before the weekend attack.

Terms & Concepts
  • Zero-day bug: A software vulnerability exploited before a fix is broadly available, publicly disclosed, or applied by affected users and operators.
  • MWEB module: Litecoin’s MimbleWimble Extension Block component, which adds privacy-focused and scalability-related transaction functionality to the network.
  • Consensus vulnerability: A flaw in the rules or software nodes use to agree on the blockchain’s valid state, potentially affecting transaction validity and chain stability.