Litecoin’s MWEB Bug Let An Attacker Create 85,034 LTC
Litecoin developers have disclosed that a critical validation flaw in the network’s Mimblewimble Extension Block (MWEB) implementation allowed an attacker to create an inflated pegout of 85,034.47285734 LTC in March 2026, before a coordinated emergency response recovered the funds and neutralized the accounting imbalance.
The incident, detailed in a postmortem published by Litecoin developer David Burkett on April 28, also set the stage for a second April event in which a later exploit attempt triggered a denial-of-service failure mode, disrupted upgraded mining nodes, and led to a 13-block invalid chain being reorged out.
A Critical Litecoin MWEB Validation Failure
According to the postmortem, the root cause was a missing validation check in Litecoin’s MWEB block connection path. MWEB inputs are supposed to reference earlier MWEB outputs while carrying metadata used by the balance and spend validation logic. That metadata must match the actual MWEB UTXO being spent.
In the normal mempool and block construction paths, that check existed. But it was not fully enforced during block connection. That gap allowed a malicious block producer to include an MWEB input whose supplied metadata did not match the real UTXO, making a small input appear capable of supporting a much larger pegout.
“The intended rule is simple: when an MWEB input spends a previous output, the metadata supplied by the input must match the actual MWEB UTXO identified by the input’s output ID,” the postmortem states. “That check existed in some paths, including normal mempool and block construction paths. But it was not fully enforced in the block connection path.”
The exploit occurred at block height 3,073,882. The attacker used an MWEB input with an actual value described as unknown, but “no more than 1.2084693 LTC,” while using fake commitment data to generate a pegout of 85,034.47285734 LTC. The inflated funds were initially sent to a transparent Litecoin address and later split into three transparent-chain outpoints.
Because exploitation required bypassing normal transaction relay and block-building checks, the attacker needed to mine a block or control a miner willing to include malformed MWEB data.
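The rule the postmortem describes, reduced to an accounting model, as an added example (this is not Litecoin Core code, and the type and function names are hypothetical). Real MWEB uses Pedersen commitments and range proofs; here a plain integer value in litoshis stands in for the commitment, and the input's "metadata" is the value it claims to spend. The `enforce_utxo_match` flag separates the fixed behaviour (the input's claim must equal the stored UTXO) from the gap in the block-connection path, where the supplied metadata alone fed the balance check. The constructed scenario uses the two figures from the article: a 1.2084693 LTC input and an 85,034.47285734 LTC pegout.

```python
from dataclasses import dataclass

# Constructed, simplified model of the MWEB input-metadata rule from the
# postmortem. Integer litoshis stand in for value commitments; names are
# hypothetical and do not correspond to Litecoin Core's data structures.

LITOSHI = 100_000_000  # litoshis per LTC


@dataclass(frozen=True)
class MwebUtxo:
    output_id: str
    value: int           # litoshis actually locked in this output


@dataclass(frozen=True)
class MwebInput:
    output_id: str       # which earlier MWEB output is being spent
    supplied_value: int  # metadata carried by the input; must equal utxo.value


@dataclass(frozen=True)
class MwebBlockBody:
    inputs: tuple        # MwebInput objects
    outputs: tuple       # MwebUtxo objects created by this block
    pegouts: tuple       # litoshi values leaving MWEB for the transparent chain


class MwebValidationError(Exception):
    pass


def connect_mweb_block(body, utxo_set, enforce_utxo_match=True):
    """Validate an MWEB block body against the current UTXO set.

    Returns (updated_utxo_set, total_pegout). With enforce_utxo_match=True
    (the fixed behaviour) an input whose metadata disagrees with the stored
    UTXO rejects the block. With False the supplied metadata is trusted for
    the balance check, which models the missing check in block connection.
    """
    remaining = dict(utxo_set)
    total_in = 0
    for inp in body.inputs:
        utxo = remaining.pop(inp.output_id, None)
        if utxo is None:
            raise MwebValidationError(f"input spends unknown output {inp.output_id}")
        if enforce_utxo_match and inp.supplied_value != utxo.value:
            raise MwebValidationError(
                f"input metadata {inp.supplied_value} does not match UTXO value {utxo.value}"
            )
        # Balance accounting consumes the input's own claim; only the check
        # above ties that claim back to what the UTXO really holds.
        total_in += inp.supplied_value

    total_out = sum(o.value for o in body.outputs) + sum(body.pegouts)
    if total_in != total_out:
        raise MwebValidationError(f"MWEB balance mismatch: in={total_in} out={total_out}")

    for out in body.outputs:
        remaining[out.output_id] = out
    return remaining, sum(body.pegouts)


def inflated_pegout_scenario(enforce_utxo_match):
    """Replay the accounting shape of the March block with constructed data."""
    small_input = 120_846_930          # 1.2084693 LTC (constructed UTXO)
    claimed = 8_503_447_285_734        # 85,034.47285734 LTC (the pegout figure)
    utxo_set = {"prev-out": MwebUtxo("prev-out", small_input)}
    body = MwebBlockBody(
        inputs=(MwebInput("prev-out", supplied_value=claimed),),
        outputs=(),
        pegouts=(claimed,),
    )
    try:
        _, pegout_total = connect_mweb_block(body, utxo_set, enforce_utxo_match)
        return ("accepted", pegout_total)
    except MwebValidationError as exc:
        return ("rejected", str(exc))


def honest_spend_scenario():
    """A correctly formed spend: metadata matches the UTXO and balance holds."""
    utxo_set = {"prev-out": MwebUtxo("prev-out", 120_846_930)}
    body = MwebBlockBody(
        inputs=(MwebInput("prev-out", supplied_value=120_846_930),),
        outputs=(MwebUtxo("change", 20_846_930),),
        pegouts=(100_000_000,),
    )
    return connect_mweb_block(body, utxo_set)


if __name__ == "__main__":
    print(inflated_pegout_scenario(True))   # rejected by the fixed check
    print(inflated_pegout_scenario(False))  # accepted by the gap the fix closed
    print(honest_spend_scenario())
```

The point the model makes is that the balance equation alone is satisfied by whatever value the input claims; the consistency check against the stored UTXO is what binds the claim to reality, and it has to run in every path that can accept a block, not only in the mempool and block-construction paths where it already existed.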
Miner Coordination, Frozen Outputs And Recovery
Once developers identified the vulnerability and confirmed it had already been exploited, they coordinated privately with major mining pools. The aim was to prevent further exploit blocks without immediately alerting the actor before the inflated outputs could be contained.
Litecoin Core 0.21.5 and 0.21.5.1 were deployed as emergency miner-focused releases. The latter added a historical exception for the already-accepted exploit block and temporarily rejected spends of the three attacker-controlled transparent outputs.
The attacker later tried to spend at least one frozen output, but upgraded miners rejected the transaction. Developers then contacted the actor, who agreed to sign a recovery transaction returning the funds apart from an 850 LTC bounty.
“The actor later signed a recovery transaction,” the postmortem says. “That transaction paid: 84,184.47278630 LTC total to the recovery address, split across two outputs. 850.00000000 LTC to an address controlled by the actor as the agreed bounty.”
The postmortem adds that Charlie bought 850 LTC to cover the bounty gap. The full 85,034.47285734 LTC was then pegged back into MWEB at block height 3,078,098, and the resulting MWEB output was frozen. This was designed to restore MWEB’s internal supply balance while ensuring the rebalancing output could not be spent.
Litecoin developers said no confirmed user funds were ultimately lost in the March incident. Still, the response required emergency miner coordination, staged releases and special-case handling of historical exploit data.
April Attempt Triggered A 13-Block Invalid Chain
The second incident began on April 25 at block height 3,095,931, when another actor tried to use the same original exploit path. Upgraded nodes rejected the malformed MWEB data, but the rejection exposed a separate mutated-block handling issue.
The postmortem explains that some serialized MWEB body data could be mutated without changing the canonical Litecoin block hash. When an upgraded node received such a mutated MWEB block over peer-to-peer channels, it could fail while applying the MWEB body, classify the failure as “BLOCK_MUTATED,” and retain the bad serialized data for that block hash. That could interfere with later valid block processing and mining RPC flows such as submitblock.
“During the April incident, this caused upgraded mining nodes to reject the bad block but also become unable to continue normal mining operations quickly enough,” the postmortem states. “Unupgraded miners, which did not enforce the MWEB fix, continued extending the invalid chain until upgraded miners coordinated and overtook it.”
The invalid chain ran through block height 3,095,943, producing 13 bad blocks in total before the valid chain overtook it. Litecoin developers emphasized that this was not a rollback of valid Litecoin history, but a reorg of an invalid chain produced by miners that had not upgraded or had not fully enforced the MWEB validation rules.
Third-Party Losses Remain A Key Open Issue
While the March exploit was recovered internally, the April reorg affected some external infrastructure. The postmortem says NEAR Intents processed a swap of 11,000 LTC for 7.78814476 BTC before those LTC were removed from the valid chain, resulting in what Litecoin described as a “large loss” for NEAR Intents. THORChain was also affected, with an attacker swapping 10 LTC for 0.00719957 BTC before the reorg invalidated the Litecoin side of the transaction.
Other attempted swaps were reportedly prevented in time, but exact third-party transaction IDs and final loss amounts were still being collected.
Litecoin Core 0.21.5.4 was released on April 25 to address the mutated-block DoS failure mode by erasing stored block data for blocks classified as mutated, allowing valid data for the same block hash to be accepted later. Users, miners, exchanges and services were urged to upgrade to Litecoin Core 0.21.5.4 or later and verify that nodes are syncing normally.
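The mutated-block failure mode and the 0.21.5.4 fix, as an added model (not Litecoin Core's code; class and function names are hypothetical). The assumptions it makes explicit: the canonical block hash commits to the header only, so an MWEB body can be altered in transit without changing the hash; a body counts as valid when its trailing integrity tag matches; and a node that already holds data under a hash does not replace it when the same block arrives again. Under those assumptions, keeping the bad body after a `BLOCK_MUTATED` classification leaves the node unable to connect the genuine block later, while erasing it lets the valid copy through.

```python
import hashlib

# Constructed model of the mutated-block DoS failure mode described in the
# postmortem. The block hash covers the header only (model assumption), so the
# MWEB body can be mutated without changing the hash. Names are hypothetical.


def make_mweb_body(payload: bytes) -> bytes:
    """Serialize a body as payload + 4-byte integrity tag (model only)."""
    return payload + hashlib.sha256(payload).digest()[:4]


def mweb_body_is_valid(body: bytes) -> bool:
    """A body applies cleanly only if its integrity tag matches its payload."""
    if len(body) <= 4:
        return False
    payload, tag = body[:-4], body[-4:]
    return hashlib.sha256(payload).digest()[:4] == tag


def block_hash(header: bytes) -> str:
    """Canonical block hash; the MWEB body is deliberately not covered."""
    return hashlib.sha256(header).hexdigest()


class BlockStore:
    """Per-node store of serialized block data keyed by canonical block hash."""

    def __init__(self, erase_on_mutation: bool):
        # False models the behaviour before 0.21.5.4; True models the fix.
        self.erase_on_mutation = erase_on_mutation
        self.stored = {}        # block hash -> serialized MWEB body as received
        self.connected = set()  # hashes whose MWEB body applied successfully

    def receive_block(self, header: bytes, mweb_body: bytes) -> str:
        h = block_hash(header)
        if h in self.stored:
            # Modeled assumption: data already held for this hash is not
            # replaced, so retained bad data shadows a later valid copy.
            return "ALREADY_HAVE"
        self.stored[h] = mweb_body
        if not mweb_body_is_valid(mweb_body):
            if self.erase_on_mutation:
                # The 0.21.5.4 behaviour: forget the mutated data so valid
                # data for the same hash can be accepted later.
                del self.stored[h]
            return "BLOCK_MUTATED"
        self.connected.add(h)
        return "CONNECTED"


def replay(erase_on_mutation: bool):
    """Deliver a mutated copy first, then the genuine block; report both outcomes."""
    header = b"constructed-header"
    good_body = make_mweb_body(b"constructed-mweb-body")
    mutated = bytes([good_body[0] ^ 0x01]) + good_body[1:]  # one flipped bit
    store = BlockStore(erase_on_mutation)
    first = store.receive_block(header, mutated)
    second = store.receive_block(header, good_body)
    return first, second, block_hash(header) in store.connected


if __name__ == "__main__":
    print("before fix:", replay(False))  # mutated data blocks the valid block
    print("after fix: ", replay(True))   # valid block connects on arrival
```

A node operator verifying the upgrade can read the same signal from the outside: after 0.21.5.4 a node that has logged a mutated-block rejection should still accept and connect the valid block with that hash, so the check the article recommends, confirming that nodes are syncing normally, is the observable counterpart of the second return value above.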
At press time, LTC traded at $55.95.
