Litecoin developers have analyzed two recent security issues. They discovered a bug in how the network processed a specific type of transaction (Mimblewimble Extension Blocks) that allowed someone to create a fake transaction worth over 85,000 LTC in March 2026. This later led to a disruption of the network in April, causing a 13-block chain reorganization that affected the Thorchain and NEAR Intents platforms.
Key Takeaways:
- A Litecoin MWEB validation bug let an attacker inflate and peg out 85,034 LTC in March 2026, but the actor returned the funds for an 850 LTC bounty.
- An April 2026 exploit attempt triggered a 13-block chain reorg, causing NEAR Intents to lose 11,000 LTC swapped for 7.78 BTC.
- Litecoin Core v0.21.5.4 patches both the inflation bug and the mining node stall that enabled the April reorg.
Litecoin Developers Release Postmortem After MWEB Bug Causes Chain Reorg
The postmortem identified the root cause as a missing metadata check during block connection. When an MWEB input spends a previous output, the metadata it carries must match the actual UTXO being consumed. That check existed in the mempool and block-building paths, but developers confirmed it was not fully enforced at the block connection stage.
Developers discovered the vulnerability through internal review on March 19. A chain scan showed exploitation had already occurred at block 3,073,882. The attacker used a malicious MWEB input whose real value was no more than 1.2084693 LTC to support a pegout of 85,034.47285734 LTC.
Developers worked with leading mining pools in secret to limit the impact of the issue before making it public. They quickly released Litecoin Core version 0.21.5 to prevent miners from processing the faulty transactions. A second update, version 0.21.5.1, addressed the block that initially contained the exploit and temporarily blocked the attacker’s funds.
The actor attempted to spend at least one frozen output. Upgraded miners rejected the transaction. Developers then contacted the actor directly. The actor agreed to cooperate and signed a recovery transaction that returned 84,184.47278630 LTC to a developer-controlled address while keeping 850 LTC as an agreed bounty.
Litecoin founder, Charlie Lee, purchased the 850 LTC needed to make the MWEB balance whole. The full 85,034.47285734 LTC was pegged back into MWEB in a single transaction at block height 3,078,098, and the resulting MWEB output was frozen. No user funds were ultimately lost in the March incident.
According to the postmortem, a second attacker attempted the same exploit path in April, triggering a separate failure. Upgraded nodes rejected the malformed block, but the way mutated MWEB block data was handled caused certain mining RPC commands to hang, including the submitblock call. Upgraded mining nodes stalled while unupgraded miners continued extending the invalid chain.
A faulty version of the blockchain grew to 13 blocks long before updated miners worked together to correct it. While the incorrect chain was ultimately replaced, some external services had already registered transactions from it before the correction finished.
NEAR Intents confirmed the attacker swapped 11,000 LTC for 7.78814476 BTC before the reorg completed. Those 11,000 LTC were no longer present on the valid chain after the reorg, leaving NEAR Intents with a confirmed loss. Thorchain reported a separate loss after the attacker swapped 10 LTC for 0.00719957 BTC through its bridge before the reorg.
Litecoin Core version 0.21.5.4 fixed a problem that caused the software to freeze when processing certain blocks. It did this by clearing out the information it had saved for those problematic blocks, but still allowing the same block to be processed correctly if it was received again. This update was released to the public on April 25th.
The review of what happened revealed several mistakes in how we handled the situation. Specifically, our system for verifying miners depended too much on checks that weren’t in place when miners first connected. Getting things back on track also required releasing several versions of miner software, which was risky and complicated. Finally, we hadn’t tested how our system would react to the specific type of block failure that occurred in April, leaving us unprepared.
Community sentiment following the postmortem X post was largely supportive, with roughly 70% to 80% of replies citing appreciation for the team’s transparency and speed. Several responses noted that the chain itself held firm and that public disclosure built rather than damaged trust.
Users and node operators are advised to upgrade to Litecoin Core v0.21.5.4 or later, verify that their node is syncing normally, and reindex if the node remains stuck after a restart. The postmortem follows Litecoin’s recent post about doing better when it comes to posting on X. “Those in charge of posting from this [X] handle will do better in the future,” the official Litecoin X account wrote after the account was accused of being “childish” earlier in the week.
Read More
- Gold Rate Forecast
- Nintendo Switch 2 Reportedly Getting Remake of One of the Best PS3 and Xbox 360 Games
- 10 Movies That Were Banned in Different Countries For Random Reasons
- Welcome to Demon School! Iruma-kun season 4 release schedule: When are new episodes on Crunchyroll?
- 9 Great Supernatural Characters Everyone Forgot About
- Michael Jackson Biopic’s Record-Breaking Debut Unseats 2026’s Biggest Box Office Hit On U.S. Chart
- EUR JPY PREDICTION
- Crunchyroll Confirms New Isekai Anime Releases for 2026 and Beyond (With Major Returns)
- All 61 Episodes 90s Cult Classic Sci-Fi TV Show That Was Famously Canceled Twice Were Just Added to Tubi
- Crimson Desert Guide – How To Unlock All Elemental Skills
2026-04-28 21:28