Litecoin underwent a deep chain reorganization on Saturday after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according to the Litecoin Foundation. The incident resulted in a three-hour reorg that erased invalid transactions from the network’s history while preserving valid transactions from the affected period.
Technical Details of the Exploit
The vulnerability allowed mining nodes running older software to validate an invalid MWEB transaction, enabling attackers to peg coins out of the privacy extension and route them to third-party decentralized exchanges, the Foundation stated. The bug produced what appeared to be a valid peg-out, effectively allowing attackers to summon LTC onto the main chain until honest nodes rejected the offending block.
Major mining pools were also targeted with a denial-of-service attack tied to the same flaw.
Attack Timeline and Scope
Aurora Labs CEO Alex Shevchenko characterized the incident as a “coordinated attack” in a social media post. According to Shevchenko, the fork ran from block 3,095,930 to 3,095,943 and took more than three hours to produce. During this window, attackers performed double-spend attacks against multiple cross-chain swapping protocols that had accepted the now-orphaned MWEB peg-outs.
Financial Impact
Shevchenko reported that the exposure for NEAR Intents was approximately $600,000. He recommended that all trading venues for LTC audit their transactions and holdings, noting the presence of numerous double-spend transactions. The Litecoin Foundation did not disclose the total amount of LTC created by the invalid MWEB transactions, nor did it name the affected mining pools.
Some trading venues reported losses from the incident, though specific figures were not provided in the Foundation’s statement.
Resolution and Security Status
The Foundation emphasized that offending transactions were ultimately erased from Litecoin’s history. The vulnerability has been fully patched according to the Foundation’s announcement.
Market Response and Context
LTC traded near $56.00 around 4:30 p.m. ET on Saturday, down approximately 1% on the day, showing no immediate market reaction to the disclosure. The token is down nearly 25% year-to-date.
Historical Significance
Saturday’s incident marks the first known attack targeting MWEB since Litecoin activated the privacy extension via soft fork in May 2022. MWEB enables users to move LTC from the transparent base chain into a confidential side-chain through peg-in and peg-out transactions, with the extension responsible for validating coin conservation between the two layers each block.
Broader Security Context
The incident occurs during a challenging period for cryptocurrency security. DeFi protocols have lost over $750 million to exploits in 2026 through mid-April, including a $292 million Kelp DAO bridge drain on April 19 and a $285 million attack on Solana-based perpetuals platform Drift on April 1. Most of those incidents involved cross-chain infrastructure, the same surface reportedly used by the Litecoin attackers to extract their gains before the network reorg.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Litecoin Undergoes Deep Chain Reorg to Undo MWEB Privacy Layer Exploit
Gate News message, April 26 — Litecoin experienced a deep chain reorganization (reorg) on Saturday after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according
GateNews19m ago
US Sanctions Iran-Linked Crypto Wallets; Tether Freezes $344 Million in USDT
Gate News message, April 26 — U.S. Treasury Secretary Scott Bessent announced that the federal government is sanctioning multiple wallets linked to Iran as part of efforts to increase economic pressure on the country. The move follows Tether's decision on Thursday, April 24, to freeze $344 million w
GateNews19m ago
Two South Korean Army Officers Sentenced to 2 Years for Illegal Crypto Exchange Operations and Drug Money Laundering
Gate News message, April 26 — Two active-duty South Korean Army officers in their 30s from the Special Warfare Command were each sentenced to two years in prison and fined 54.69 million Korean won by Changwon District Court on April 26 for operating an unlicensed virtual asset exchange and
GateNews22m ago
Apecoin Insider Turns $174K Into $2.45M in One Day With 14x Trade on Both Sides of 80% Surge
An anonymous wallet with no prior trading history turned $174,000 worth of ether into $2.45 million by trading Apecoin on both sides of an 80% price surge in a single day.
Key Takeaways:
Wallet 0x0b8a converted $174,000 in ETH into a leveraged Apecoin long, exiting near the top for a $1.79M
Coinpedia51m ago
Hong Kong Police Dismantle Cross-Border Fraud Ring Targeting Overseas Students, Seizing HK$5M in Assets
Gate News message, April 26 — Hong Kong police have dismantled a cross-border fraud ring that targeted overseas Chinese students studying abroad, according to local media. The syndicate impersonated law enforcement officials and coerced victims into traveling to Hong Kong to purchase gold bars as "c
GateNews1h ago
Brazil Bans Kalshi, Polymarket Citing Investor Protection Concerns
Brazil has enacted a sweeping ban on prediction markets and betting platforms, according to local media and government filings. The two leading prediction markets, Polymarket and Kalshi, were inaccessible to researchers based in the country following the ban.
Regulatory Framework and Scope
The
CryptoFrontier1h ago
