The Litecoin network became the target of a blockchain reorganization on April 25. The Litecoin Foundation confirmed the incident on X, citing a zero-day vulnerability in the MimbleWimble Extension Block (MWEB) as the cause. Attackers deliberately exploited the flaw in the privacy layer to manipulate the integrity of the blockchain. The exploit caused outdated mining nodes to treat invalid MWEB transactions as legitimate, allowing the attackers to steal LTC funds.

At the same time, major mining pools faced coordinated denial-of-service attacks directly linked to the vulnerability. Aurora Labs CEO Alex Shevchenko described the incident as a highly coordinated attack. The chain split affected blocks 3,095,930 through 3,095,943 and lasted for more than three hours. During that period, the attackers carried out double-spend attacks against several cross-chain protocols that had already accepted transactions from MWEB peg-outs that were later orphaned.

First successful attack on Litecoin since the 2022 upgrade

The economic impact of the incident is already visible on some trading platforms. According to Shevchenko, the potential exposure for NEAR Intents is around $600,000. He urged all platforms that support LTC to carefully review their balances and transactions, as multiple double-spend operations had been identified.

The Litecoin Foundation, meanwhile, stressed that the invalid transactions were ultimately removed from the blockchain’s history. According to the organization, valid transactions from the affected period were not impacted by the reorganization.

The incident marks the first successful attack on MWEB since the soft fork was activated in May 2022. The feature allows users to transfer LTC into a confidential sidechain. However, a bug in coin-conservation validation allowed the attackers to create unauthorized amounts of LTC on the main blockchain. According to official statements, the vulnerability has since been fully patched.

Litecoin’s price showed little reaction to the attack. At the time of writing, LTC was trading at around $56, down 0.31% over the previous 24 hours.

Second major incident in one week

This is the second major crypto infrastructure breach in a week. Last Sunday, unknown attackers compromised Kelp DAO’s LayerZero-powered cross-chain bridge and stole around $292 million worth of rsETH. LayerZero blamed the North Korean hacking group Lazarus for the attack.

A connection between the attacks and Claude Mythos cannot yet be ruled out. The AI system is capable of identifying vulnerabilities in software and could reportedly be used to facilitate cyberattacks. Its developer, Anthropic, does not currently plan to release the AI publicly. According to Spiegel, unknown parties have already gained access to it.