A vulnerability in Litecoin's MimbleWimble Extension Block allowed attackers to forge invalid peg-out transactions and attempt double-spends, triggering the deepest chain reorganisation in the network's history. GitHub commits show developers had a fix weeks before the exploit landed.
Litecoin rewrote more than three hours of its own history on Saturday after a zero-day vulnerability in its MimbleWimble Extension Block privacy layer allowed attackers to forge invalid peg-out transactions and attempt double-spends against cross-chain swap protocols.
The Litecoin Foundation confirmed that a denial-of-service attack knocked patched mining nodes offline, leaving unpatched nodes to build a chain containing the fraudulent transactions. The network responded with a 13-block reorganisation, the deepest in Litecoin's twelve-year history, to erase the invalid blocks and restore consensus. NEAR Intents, a cross-chain swap protocol, reported approximately $600,000 in exposure from the attack window and said its team would cover any user losses, though the Foundation says actual settled damages should be lower now that the offending transactions have been wiped from the canonical chain.
The technical mechanics are worth unpacking. MWEB, which Litecoin activated in May 2022 to add confidential transactions and fungibility, operates as an extension block running alongside the main chain. Coins can be "pegged in" to the privacy layer and "pegged out" back to the base chain. The vulnerability allowed an attacker to execute an invalid peg-out, essentially conjuring coins that should not have existed on the main chain, and route them to third-party decentralised exchanges before the network caught up. The DoS attack and the MWEB bug were separate components of the same operation: the DoS was designed to take patched mining nodes offline so the unpatched ones would form the chain that included the invalid transactions.
What makes this incident more than a routine patch-and-move-on story is the timeline. CoinDesk's review of Litecoin Core's public GitHub commit history reveals that the consensus bug enabling the invalid MWEB peg-out was privately fixed between March 19 and March 26 — roughly four weeks before Saturday's exploit. That creates an uncomfortable window: some mining pools running the updated code would have rejected the invalid transactions, while pools on older software would have accepted them. The attackers appear to have targeted precisely this gap, using the DoS component to knock the patched miners offline and let the vulnerable ones dominate block production.
The Foundation has pushed back against characterising the vulnerability as a "zero-day," arguing that the term implies the bug was unknown to developers at the time of exploitation. But the GitHub record tells a different story. A zero-day, in standard cybersecurity usage, refers to a vulnerability exploited before or on the day a patch becomes publicly available, and the patch in question was merged into a private branch weeks before it reached all node operators. Whether you call it a zero-day or a botched disclosure window, the effect is the same: a subset of the network was left exposed while another subset had quietly been immunised.
The incident has broader implications for any proof-of-work chain running optional privacy layers. April has already been dominated by security failures across the wider crypto ecosystem — $606 million lost in 18 days, led by the KelpDAO and Drift Protocol exploits — and this attack, though smaller in dollar terms, strikes at something more fundamental than smart contract risk. A chain reorganisation that reverses three hours of confirmed transactions undermines the settlement finality that makes blockchains useful in the first place. Exchanges and cross-chain protocols that accepted Litecoin deposits during the fork window had no way of knowing those confirmations would later be erased.
The privacy coin debate, which resurfaced with Robinhood's recent Zcash listing in New York, now has a fresh data point. MWEB was supposed to demonstrate that privacy features could be grafted onto an established chain without compromising its security model. Saturday's events suggest the grafting introduced attack surface that Litecoin's core consensus rules weren't fully prepared to handle, and that the development team knew about the risk for weeks before the exploit landed.
Crypto security has been under a harsh spotlight this year, from Bybit's $1.4 billion theft in February to the KelpDAO bridge exploit that wiped $13 billion from DeFi's total value locked. Litecoin's 13-block reorg is a different category of failure; not a smart contract bug or a compromised private key, but a consensus-level vulnerability in a top-20 blockchain's privacy infrastructure. The Foundation says the network is now stable and the bug fully patched. The deeper question, why mining pools were left running vulnerable software for a month after developers had a fix in hand, remains unanswered.
The Foundation posted its final update at 4:22 p.m. ET on April 25, confirming normal network operation.
