Zero-Day Vulnerability Seen as Cause
Litecoin, a form of digital money used in cryptocurrency similar to bitcoin, was recently hit by a denial-of-service (DoS) attack due to a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) protocol. The issue is primarily influenced by unpatched mining nodes, which accidentally validated invalid block window transactions.
The attackers took advantage of attempting to transfer funds to external platforms while interrupting mining operations. Blockchain data indicated that the attacker funded a wallet estimated 38 hours (about 3 days) before the exploit through a withdrawal from Binance.
13-Block Chain Reorganization
Despite the attack, Litecoin network executed a 13-block chain reorganization, successfully reconstructing issues estimated three (3) hours of blockchain history. The reorganization did not affect valid transactions and expose user funds. The vulnerability had been identified and addressed the issue privately patched by developer of Litecoin project’s GitHub between March 19 and 26, before its exploitation.
This case shows risks from obsolete node software in decentralized systems, and the blockchain reorganization is essential to preserve network integrity and mitigate fraudulent activity.
