Litecoin's foundation called the weekend exploit a zero-day. The litecoin-project GitHub repository shows the consensus vulnerability was privately patched between March 19 and 26, more than four weeks before the attack.
Attackers exploited a previously patched but not fully deployed vulnerability in Litecoin’s Mimblewimble Extension Block protocol, triggering a 13-block chain reorganization that rewound about 32 minutes of activity. Public GitHub commits show the core consensus bug was privately fixed weeks before the exploit, creating a window in which some mining pools ran updated code while others remained vulnerable, a gap researchers say the attackers appeared to target.
The Litecoin network ultimately reorganized back to the valid chain once denial-of-service attacks on patched miners ceased, but the foundation has not yet explained the patch timeline or disclosed how much LTC was affected during the invalid block window.
The reorganization late Friday and Saturday rewound roughly 32 minutes of network activity after attackers used a vulnerability in Litecoin's Mimblewimble Extension Block protocol. The bug had enabled a denial-of-service attack against major mining pools, allowing the invalid MWEB transactions to slip through nodes that had not updated, before the network's longest valid chain corrected them.
The Foundation said in Asian morning hours on Sunday the bug was fully patched and the network is operating normally. However, prominent researchers say the litecoin-project GitHub repository tells a different story. Security researcher bbsz, who works with the SEAL911 emergency response group for crypto exploits, posted the patch timeline pulled from the public commit log:
"Now that stuff has been made public on the Litecoin GitHub, we have a better sense of timeline and what happened. The post-mortem says one zero-day caused a DoS that let an invalid MWEB tx slip through. The git log on…"
The consensus vulnerability that allowed the invalid MWEB peg-out was privately patched between March 19 and March 26, roughly four weeks before the attack. A separate denial-of-service vulnerability was patched on the morning of April 25.
"The post-mortem says one zero-day caused a DoS that let an invalid MWEB transaction slip through," bbsz wrote. "The git log tells a slightly different story." Litecoin's commit history shows the consensus vulnerability was known and patched privately a month before the exploit, but the fix had not been broadcast publicly or required of all mining pools.
That created a window where some miners ran the patched code while others ran the still-vulnerable version, and the attackers appear to have known which was which. Blockchain data showed the attacker pre-funded a wallet 38 hours before the exploit through a Binance withdrawal, with the destination address already configured to swap LTC into ETH on a decentralized exchange.
The denial-of-service attack and the MWEB bug were separate components, Shevchenko argued, with the DoS designed to take patched mining nodes offline so the unpatched ones would form the chain that included the invalid transactions. The fact that the network automatically handled the 13-block reorganization once the DoS stopped suggests enough hashrate was running updated code to eventually overpower the attack, but only after the unpatched fork had run for 32 minutes.
The hit on Litecoin shows how networks differ in the way their code maintainers and developers react to exploits. Newer chains with smaller, more centralized validator sets coordinate upgrades through chat groups and can push patches network-wide in hours.
Older proof-of-work networks like Litecoin and bitcoin rely on independent mining pools choosing when to upgrade, which works for non-urgent changes but creates a window of vulnerability when a security patch needs to reach everyone before an attacker exploits the gap. The amount of LTC pegged out during the invalid block window and the value of any swaps completed before the reorganization reversed them have not been disclosed.
