Key Takeaways
- A vulnerability in Litecoin’s blockchain triggered a 13-block chain reorganization following a coordinated attack on Saturday
- The MimbleWimble Extension Block (MWEB) privacy feature was compromised, allowing attackers to broadcast invalid transactions
- Mining pools operating updated node software faced denial-of-service attacks that temporarily reduced their hash power
- Evidence points to pre-planning, including funding from a Binance-linked address, raising questions about the zero-day classification
- The vulnerability has been resolved with a patch; legitimate transactions remained intact, though trading platforms reported approximately $600,000 in losses on NEAR Intents
Litecoin experienced a significant security incident on Saturday when attackers leveraged a vulnerability in its MimbleWimble Extension Block privacy feature to conduct the first recorded attack on this system since its 2022 deployment.
The exploit enabled outdated mining nodes to approve an invalid transaction, permitting attackers to withdraw coins from the privacy layer and transfer them to decentralized exchanges and cross-chain swap protocols.
Simultaneously, mining pools operating current, patched software experienced denial-of-service attacks. These assaults temporarily eliminated their hash power contribution and allowed outdated nodes to dominate network consensus.
Following the cessation of the denial-of-service attacks, the updated nodes reasserted control and initiated a 13-block reorganization of the blockchain. This action nullified the fraudulent transactions, eliminating more than three hours of compromised blockchain history.
The Litecoin Foundation verified that every legitimate transaction executed during the affected timeframe remains recorded on the primary chain. The security flaw has been completely addressed through a patch, according to the team’s statement.
The fork spanned from block 3,095,930 through 3,095,943 and extended beyond three hours. Throughout this interval, attackers executed double-spend attacks targeting several cross-chain swap protocols that had processed the subsequently invalidated withdrawals.
Aurora Labs CEO Alex Shevchenko characterized the incident as a “coordinated attack.” He further noted that funding for the attacker originated from a Binance address earlier in the week, indicating advance preparation.
Zero-Day Classification Disputed by Developers
Shevchenko challenged whether the vulnerability qualified as a genuine zero-day exploit. He observed that the network’s automatic execution of the reorganization after the denial-of-service attacks concluded indicated some portion of the hash rate was already operating updated software.
“This bug was known, and it’s not a zero-day,” Shevchenko wrote on X.
Blockchain developer Vadim emphasized that the timing and specific targeting indicated a planned operation rather than an opportunistic exploit.
Financial Impact Documented Across Multiple Platforms
Shevchenko calculated that NEAR Intents sustained approximately $600,000 in losses from the incident. He called on all trading platforms processing Litecoin to conduct comprehensive audits of their transaction records and asset holdings.
The Litecoin Foundation has yet to identify which mining pools experienced the attacks or reveal the total amount of Litecoin generated through the invalid transactions.
Litecoin was priced around $56.00 at approximately 4:30 p.m. ET on Saturday, declining roughly 1% during the trading session, with markets showing minimal immediate response to the security event. The cryptocurrency has declined nearly 25% year-to-date.
The incident contributes to an escalating series of cryptocurrency security breaches throughout 2026. DeFi protocols have suffered more than $750 million in exploit-related losses through mid-April, including the $292 million Kelp DAO bridge compromise on April 19 and a $285 million assault on Solana-based perpetuals platform Drift on April 1.
Cross-chain infrastructure represented the shared vulnerability vector in the majority of these incidents, including the Litecoin breach that occurred Saturday.
