The Litecoin developers have released a postmortem following a zero-day vulnerability that precipitated a DoS attack over the weekend.
Below, you’ll find a summary, followed by links to the full technical document.
In March 2026, developers identified a significant security issue within Litecoin’s Mimblewimble Extension Block (MWEB) implementation. The vulnerability allowed a block producer to include, in a mined block, a transaction input whose associated metadata did not correspond to the output being spent.
Because the metadata wasn’t fully re-validated during the standard block connection process, a malicious block could be constructed. Such a block could make a small input appear to support a larger withdrawal from the pegout.
A network scan confirmed the vulnerability was exploited at block height 3,073,882, resulting in a malicious pegout of 85,034.47285734 LTC using the compromised MWEB input. Developers acted swiftly, coordinating an emergency miner deployment to patch the vulnerability and halt further exploitation. They also secured three specific transparent addresses linked to the theft. The perpetrator subsequently assisted by signing a recovery transaction, returning the majority of the funds minus an agreed 850 LTC bounty. This bounty was purchased and covered.
In April 2026, a second attempt was made to exploit the original vulnerability. While upgraded nodes now rejected the faulty blocks, a related issue emerged. Mutated versions of these invalid MWEB blocks caused certain essential RPC commands to hang. This impacted upgraded mining nodes, potentially disrupting mining operations. Unupgraded miners continued building on the malicious chain, resulting in a 13-block invalid chain.
The network later executed a reorganisation (reorg), successfully removing the invalid chain after the majority of miners coordinated on the valid, secure chain. This incident affected some third-party services, although the specific details are still being collected.
The core validation bug has been fixed. Further updates addressed the historical exploit, the fund recovery process, and improvements to amount accounting. They also ensured that the network's defence against mutated MWEB block data would not be compromised, preventing disruption to legitimate block submission.
Litecoin developers recommend all network participants upgrade to Core v0.21.5.4 to benefit from these security upgrades.
The full technical breakdown is available on litecointalk and litecoin.com.