Litecoin Reverses 13 Blocks After DOS Attack on Mining Pools
Attackers exploited a bug in Litecoin's MimbleWimble Extension Block privacy layer to enable double-spends against cross-chain swap protocols over the weekend. Aurora Labs CEO Alex Shevchenko disputed the foundation's zero-day characterization, calling it an inside job based on the timing and execution.
Key Takeaway
Litecoin's reorg shows outdated mining nodes create exploitable gaps even after upstream patches.
Litecoin Foundation reversed 13 blocks over the weekend after attackers exploited a bug in the network's MimbleWimble Extension Block privacy layer to enable double-spends against cross-chain swap protocols.
The foundation confirmed on Saturday, April 25 that major mining pools were disrupted. Non-updated mining nodes facilitated invalid MWEB transactions, allowing attackers to peg out coins to third-party decentralized exchanges. The 13-block reorganization reversed the invalid transactions, and the foundation said all valid transactions during that period remained unaffected.
Aurora Labs CEO Alex Shevchenko caught the attack early and disputed the foundation's characterization of the exploit as a zero-day. Shevchenko said prior knowledge defeats the whole idea of a zero-day, noting that attackers planned to swap LTC into ETH on a recently funded address. He said the attack targeted pools that hadn't updated their software, creating an exploitable gap in the proof-of-work network's consensus layer.
Litecoin traded at ₱3,396.61 ($55.92) at time of writing, down 1.2% on the day. The foundation issued a post-mortem report and said the bug was patched and the network fully operational as of April 25.
This article was written based on reporting from Bitcoinist.
