Litecoin Reorg Undoes MWEB Privacy Layer Exploit


Litecoin underwent a deep chain reorganization on Saturday after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according to the Litecoin Foundation. The incident resulted in a three-hour reorg that erased invalid transactions from the network’s history while preserving valid transactions from the affected period.

Technical Details of the Exploit

The vulnerability allowed mining nodes running older software to validate an invalid MWEB transaction, enabling attackers to peg coins out of the privacy extension and route them to third-party decentralized exchanges, the Foundation stated. The bug produced what appeared to be a valid peg-out, effectively allowing attackers to summon LTC onto the main chain until honest nodes rejected the offending block.

Major mining pools were also targeted with a denial-of-service attack tied to the same flaw.

Attack Timeline and Scope

Aurora Labs CEO Alex Shevchenko characterized the incident as a “coordinated attack” in a social media post. According to Shevchenko, the fork ran from block 3,095,930 to 3,095,943 and took more than three hours to produce. During this window, attackers performed double-spend attacks against multiple cross-chain swapping protocols that had accepted the now-orphaned MWEB peg-outs.

Financial Impact

Shevchenko reported that the exposure for NEAR Intents was approximately $600,000. He recommended that all trading venues for LTC audit their transactions and holdings, noting the presence of numerous double-spend transactions. The Litecoin Foundation did not disclose the total amount of LTC created by the invalid MWEB transactions, nor did it name the affected mining pools.
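The audit recommended above can be sketched as a check of a venue's deposit ledger against the post-reorg chain for the reported fork window. This is an added example, not code from the Litecoin Foundation or any affected venue; the ledger layout, function names and sample hashes are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Fork window as reported in the article (inclusive block heights).
FORK_START, FORK_END = 3_095_930, 3_095_943


@dataclass(frozen=True)
class Deposit:
    txid: str
    height: int        # height at which the venue saw the deposit confirm
    block_hash: str    # block hash the venue recorded at that height
    amount: Decimal    # LTC credited to the customer


def audit_deposits(deposits, canonical_hash_at, canonical_txids):
    """Classify deposits recorded inside the fork window.

    canonical_hash_at: {height: block hash on the post-reorg chain}
    canonical_txids:   txids confirmed anywhere on the post-reorg chain
    """
    report = {"ok": [], "re_mined": [], "reversed": []}
    for d in deposits:
        if not FORK_START <= d.height <= FORK_END:
            continue  # recorded outside the reported window
        if canonical_hash_at.get(d.height) == d.block_hash:
            report["ok"].append(d)          # block survived the reorg
        elif d.txid in canonical_txids:
            report["re_mined"].append(d)    # block orphaned, tx still confirmed
        else:
            report["reversed"].append(d)    # credit no longer backed on-chain
    exposure = sum((d.amount for d in report["reversed"]), Decimal(0))
    return report, exposure


# Constructed sample data: hashes and txids are placeholders, not real values.
CANONICAL_HASH_AT = {3_095_929: "hash-A29", 3_095_930: "hash-B30", 3_095_931: "hash-B31"}
CANONICAL_TXIDS = {"tx-pre", "tx-valid", "tx-late"}
LEDGER = [
    Deposit("tx-pre", 3_095_929, "hash-A29", Decimal("5")),
    Deposit("tx-valid", 3_095_930, "hash-X30", Decimal("2.5")),
    Deposit("tx-pegout", 3_095_931, "hash-X31", Decimal("100")),
    Deposit("tx-late", 3_095_931, "hash-B31", Decimal("1")),
]

if __name__ == "__main__":
    report, exposure = audit_deposits(LEDGER, CANONICAL_HASH_AT, CANONICAL_TXIDS)
    print({k: [d.txid for d in v] for k, v in report.items()}, exposure)
```

Deposits in the `reversed` bucket are the ones to reconcile first: the venue credited them from a block that is no longer on the chain, and the transaction never confirmed again.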

Some trading venues reported losses from the incident, though specific figures were not provided in the Foundation’s statement.

Resolution and Security Status

The Foundation emphasized that the offending transactions were ultimately erased from Litecoin’s history. According to the Foundation’s announcement, the vulnerability has been fully patched.

Market Response and Context

LTC traded near $56.00 around 4:30 p.m. ET on Saturday, down approximately 1% on the day, showing no immediate market reaction to the disclosure. The token is down nearly 25% year-to-date.

Historical Significance

Saturday’s incident marks the first known attack targeting MWEB since Litecoin activated the privacy extension via soft fork in May 2022. MWEB enables users to move LTC from the transparent base chain into a confidential side-chain through peg-in and peg-out transactions, with the extension responsible for validating coin conservation between the two layers each block.

Broader Security Context

The incident occurs during a challenging period for cryptocurrency security. DeFi protocols have lost over $750 million to exploits in 2026 through mid-April, including a $292 million Kelp DAO bridge drain on April 19 and a $285 million attack on Solana-based perpetuals platform Drift on April 1. Most of those incidents involved cross-chain infrastructure, the same surface reportedly used by the Litecoin attackers to extract their gains before the network reorg.

Comments

CliffsideAncientPineAndRolling · 04-28 11:15
MWEB initially focused on offering optional privacy; now, it seems security audits and bounty programs need to be ramped up, or else it will be another blow to trust.

AirdropLunchbox · 04-27 15:53
Is it possible that deeper reorganizations are caused by cooperation between miners and computing power? Can a simple vulnerability exploit cause such a deep reorganization?

GammaRunner · 04-26 00:33
Users who performed actions within the three-hour window are probably going to cry; on-chain records being rolled back is too counterintuitive.

StarsInTheGlassDome · 04-25 21:36
Litecoin is an established player, and still encountering 0day vulnerabilities, which indicates that the attack surface for privacy extensions is indeed more complex than the main chain.

VelvetValidator · 04-25 21:34
The MWEB zero-day exploit is a bit frightening; the privacy layer has become the breakthrough point.

FoldedYield · 04-25 21:32
The foundation said they removed invalid transactions. Is there any actual data on user asset losses? Don't just talk about technical details.

Half-MeltedIceCreamPosition · 04-25 21:23
Wow, three hours of reorganization is really intense.

Khe03Ma · 04-25 21:20
2026 GOGOGO 👊2026 GOGOGO 👊2026 GOGOGO 👊

Orhanmaral · 04-25 21:15
2026 GOGOGO 👊

WhaleTailWitness · 04-25 21:10
Hopefully, future documentation will clearly explain reproduction steps, patches, and timelines; otherwise, the market will just assume "LTC has been compromised."