Quick Insights

  • Litecoin reversed 13 blocks after attackers exploited a bug in its MWEB privacy layer.
  • The Litecoin Foundation said non-updated mining nodes accepted an invalid MWEB transaction, allowing fraudulent peg-outs to third-party DEXs.
  • Aurora Labs CEO Alex Shevchenko said the fork ran from block 3,095,930 to 3,095,943 and took more than three hours to produce.
  • Shevchenko said NEAR Intents had around $600,000 in exposure and urged LTC trading venues to audit transactions and balances.

Litecoin reversed 13 blocks on Saturday after attackers exploited a bug in its MimbleWimble Extension Block privacy layer, creating invalid peg-outs and targeting cross-chain swap protocols before the network reorganized.

The Litecoin Foundation said the zero-day bug caused a denial-of-service attack that disrupted major mining pools. Non-updated mining nodes accepted an invalid MWEB transaction, which allowed coins to be pegged out of the privacy extension and sent toward third-party decentralized exchanges.

Litecoin’s 13-block reorganization removed the invalid transactions from the canonical chain. The Foundation said valid transactions from the same period were unaffected and that the vulnerability had been fully patched.

Litecoin Reorg Erases Invalid MWEB Peg-Outs

The fork ran from block 3,095,930 to block 3,095,943, according to Aurora Labs CEO Alex Shevchenko, who called it a coordinated attack. Litecoin produces blocks roughly every 2.5 minutes, meaning 13 blocks would normally represent about 32 minutes of chain activity. Shevchenko said the fork took more than three hours to produce.

That delay gave attackers time to try double-spend attacks against cross-chain swap protocols that had already accepted the invalid MWEB peg-outs. Once the reorganized chain became canonical, those transactions no longer existed on Litecoin’s main history.

Part of the incident What happened Why it matters
MWEB bug Older mining nodes accepted an invalid privacy-layer transaction. It enabled fraudulent peg-outs from Litecoin’s confidential extension block.
13-block reorg The affected chain split ran from block 3,095,930 to 3,095,943. The more than three-hour window gave attackers time to target swap protocols.
Double-spends Cross-chain venues accepted transactions later removed from Litecoin’s canonical chain. Losses may sit with venues that credited forked transactions too quickly.
Patch The Litecoin Foundation said the vulnerability is fully patched. Invalid transactions were erased while valid transactions remained intact.

MWEB is Litecoin’s optional privacy upgrade, activated through a soft fork in May 2022. It lets users move LTC between the transparent base chain and a confidential extension block through peg-in and peg-out transactions.

NEAR Intents Exposure Reaches About $600K

Shevchenko said NEAR Intents had around $600,000 in exposure from the Litecoin exploit. He also said users would not be affected and that any losses would be covered.

"The exposure for NEAR Intents is around $600k. We recommend all trading venues for LTC to audit the transactions and holdings."

Alex Shevchenko, CEO of Aurora Labs

That warning is aimed at exchanges, bridges and swap services that may have treated the forked MWEB activity as final before Litecoin removed it.

The Litecoin chain corrected the invalid state, but connected trading venues still had to check whether they credited assets tied to the discarded fork.

MWEB Faces First Major Litecoin Privacy-Layer Attack

The incident appears to be the first major exploit involving MWEB since Litecoin added the privacy feature in 2022. The upgrade was designed to give users optional confidentiality while keeping Litecoin’s base-chain supply rules intact.

The exploited bug appears to have affected MWEB peg-out validation rather than standard Litecoin transfers. That distinction matters because the attack centered on coins leaving the privacy extension and becoming spendable on the transparent chain.

Litecoin has not disclosed how much LTC the invalid MWEB transactions attempted to create. The Foundation also has not named the mining pools affected by the denial-of-service attack.

Cross-Chain Swaps Carry the Litecoin Losses

The clearest losses appear to sit outside Litecoin itself, with cross-chain systems that accepted the invalid peg-outs during the fork. These venues often move faster than proof-of-work finality, especially when routing assets between chains and liquidity pools.

Nakamoto Daily recently covered the Resolv Labs hack, where a compromised key allowed an attacker to mint unbacked stablecoins and drain $25 million. The technical failures are different, but both cases show how connected DeFi venues can carry losses when infrastructure assumptions fail.

For Litecoin, the protocol response was direct: reorganize the chain, remove the invalid transactions and patch the bug. The remaining audit work now falls on LTC trading venues that handled peg-outs during the fork window.

Disclaimer: Nakamoto Daily provides information for educational and entertainment purposes only. Nothing published here constitutes financial, investment, or trading advice. Readers should conduct their own research and consult a qualified financial adviser before making any investment decisions.