Litecoin Hit by Zero-Day Attack Causing 13-Block Chain Reorganization

AIcash

Litecoin suffered a significant security incident on Saturday when a zero-day vulnerability was exploited to launch a denial of service attack against mining pools running newly updated software. The attack suppressed the hashing power of updated nodes, allowing older nodes to post invalid transactions to the network's MimbleWimble Extension Blocks privacy layer — including unauthorized attempts to peg out coins to decentralized exchanges and cross-chain swap protocols. Once updated nodes regained control of the network's hashing power, they executed a 13-block reorganization that reversed all invalid transactions, ensuring they will not appear on the main chain. The Litecoin team confirmed the bug has since been fully patched.

The incident has raised questions about whether the vulnerability was truly unknown before the attack. Aurora co-founder Alex Shevchenko noted that a Binance address funded the attacker earlier in the week, suggesting pre-planned execution and advance knowledge of the exploit. He argued the bug was not a genuine zero-day, pointing out that the network's automatic handling of the reorganization once the DoS stopped implies some portion of the hashrate was already running updated code — meaning someone knew about the vulnerability before it was publicly disclosed. Blockchain developer Vadim added that the timing and targeting of the attack did not appear opportunistic, drawing a broader conclusion that low-hashrate layer-1 blockchains are no longer safe collateral for cross-chain value transfer.

kevin1

A Binance address funding the attacker earlier that week turns "zero-day" into "planned operation with advance knowledge" — that's not a vulnerability story, it's a targeted attack story.

ed

Litecoin: the silver to Bitcoin's gold, apparently also the canary in the cross-chain coal mine