- Litecoin bug in MWEB let outdated nodes process invalid transactions, creating temporary network validation splits.
- Litecoin executed a 13-block reorg to remove invalid activity while preserving legitimate transactions.
- Incident raised security concerns, indicating risks from outdated nodes and protocol flaws in proof-of-work systems.
A sudden disruption hit Litecoin after a zero-day bug in its MWEB feature allowed invalid transactions through outdated nodes, briefly exposing the network to exploitation. According to Litecoin, non-updated miners processed malformed transactions, enabling peg-outs to third-party DEXs before a 13-block reorganization reversed them. The patch was deployed, restoring normal operations.
Bug Exploit And Network Disruption
According to Litecoin, the issue began when outdated mining nodes failed to validate a malformed MWEB transaction. As a result, invalid transfers moved toward external decentralized exchanges.
However, updated nodes did not accept those transactions. This created a split in validation across the network during the incident window.
Notably, the exploit also involved a denial-of-service attack. This attack reduced active hash power by disabling certain nodes, increasing the exploit’s effectiveness.
Reorganization Reverses Invalid Activity
To contain the issue, Litecoin executed a 13-block chain reorganization. This rollback removed all invalid transactions from the main chain.
According to the Litecoin team, valid transactions during the same period remained unaffected. The network preserved legitimate activity while correcting the anomaly.
However, the reorg raised concerns among analysts. Alex Shevchenko and Zacodil initially flagged unusual mining delays during the event.
Blocks between heights 3095930 and 3095943 took over three hours to mine. This exceeded the expected 30-minute window significantly.
Debate Over Cause And Security Model
The unusual delay led some analysts to compare the event to a 51% attack pattern. However, Litecoin stated the disruption stemmed from a bug, not a takeover.
Meanwhile, an XRP Ledger validator known as Vet criticized proof-of-work security. Vet argued that network safety depends on sufficient hash power to deter attacks.
However, Vet clarified there was no majority hash attack in this case. Instead, the exploit relied on a protocol flaw combined with timing.
Shevchenko added that the attacker appeared prepared in advance. He noted funds linked to the exploit were traced to Binance 38 hours earlier.
Developers had identified and privately patched related vulnerabilities weeks before disclosure. Critics argued this created uneven protection across network participants.
