What to know:
- Attackers exploited a previously patched but not fully deployed vulnerability in Litecoin’s Mimblewimble Extension Block protocol, triggering a 13-block chain reorganization that rewound about 32 minutes of activity.
- Public GitHub commits show the core consensus bug was privately fixed weeks before the exploit, creating a window in which some mining pools ran updated code while others remained vulnerable, a gap researchers say the attackers appeared to target.
- The Litecoin network ultimately reorganized back to the valid chain once denial-of-service attacks on patched miners ceased, but the foundation has not yet explained the patch timeline or disclosed how much LTC was affected during the invalid block window.
Late Friday and Saturday, a security issue in the Mimblewimble Extension Block (MWEB) protocol allowed attackers to briefly reverse about 32 minutes of activity on the network. This involved reorganizing 13 blocks of the blockchain.
A flaw in the system allowed attackers to disrupt major cryptocurrency mining operations. This happened because unconfirmed, invalid transactions were briefly processed by older versions of the software before the network automatically fixed the issue and established the correct transaction history.
A new version of Litecoin Core (v0.21.5.4) is now available, and all users should update to it. This update includes crucial security improvements.
— Litecoin (@litecoin) April 25, 2026
On Sunday morning in Asia, The Foundation announced that the issue had been completely fixed and the network was running smoothly.
But leading experts point to the Litecoin project’s GitHub repository as revealing a different picture. Security researcher bbsz, who collaborates with the SEAL911 crypto exploit response team, shared a timeline of code updates taken from the public commit history.
With the details now available on the Litecoin GitHub, we have a clearer understanding of the events and their timing. However, this timeline doesn’t match up with what we know from the Mythos era. According to the analysis, a single security flaw allowed a denial-of-service attack and let an incorrect MWEB transaction get through. The git log shows…
— bbsz (@blackbigswan) April 26, 2026
The flaw that enabled the fraudulent removal of MWEB was secretly fixed between March 19th and 26th, about a month before the attack occurred. A different issue, which could have caused a service disruption, was resolved on the morning of April 25th.
The solutions to these issues were included in version 0.21.5.4, which was released the same day the attack started.
“The post-mortem says one zero-day caused a DoS that let an invalid MWEB transaction slip through,” bbsz wrote. “The git log tells a slightly different story.”
A zero-day refers to a vulnerability unknown to defenders at the time of an attack.
Litecoin’s development records reveal that a security flaw was identified and fixed privately about a month before it was exploited. However, this solution wasn’t made public or enforced across all mining operations.
This situation created a split among miners – some were using the updated, secure code, while others were still using the older, vulnerable version. It seems the attackers were able to identify who was running which version.
Alex Shevchenko, CTO of NEAR Foundation’s Aurora project, raised parallel concerns in a thread.
According to blockchain records, the hacker prepared for the attack by sending funds to a wallet 38 hours beforehand. They used a withdrawal from Binance, and the wallet was set up to automatically trade Litecoin for Ethereum on a decentralized exchange.
As a crypto investor, I understand that the recent attack involved two key parts. Apparently, the denial-of-service attack wasn’t just random disruption – it was specifically aimed at taking down the mining nodes that *had* been updated with the fix. The idea was to leave the vulnerable, unpatched nodes as the ones building the blockchain, which allowed those invalid transactions to be included.
When the denial-of-service attack ended, the network successfully resolved a temporary split in the blockchain (a 13-block reorganization). This indicates that enough computing power was using the latest software to overcome the attack, although the vulnerable version of the software ran for 32 minutes beforehand.
Recent events with Litecoin highlight the different ways blockchain networks respond to security issues. Newer blockchains, which often have fewer and more coordinated developers, can quickly fix problems – sometimes within hours – by communicating through chat and rapidly implementing updates across the entire network.
Older cryptocurrency networks, such as Litecoin and Bitcoin, depend on individual mining groups deciding when to update their software. This system is fine for minor changes, but it becomes risky when a security fix needs to be applied quickly, as attackers could exploit the network before everyone updates.
The Litecoin Foundation has not publicly addressed the GitHub timeline as of Sunday morning.
To be honest, I’m still a little frustrated that the Litecoin team hasn’t told us exactly how much LTC was affected during that recent block issue. They haven’t shared details on how much was ‘stuck’ during the invalid blocks, or the total value of any trades that went through before the network corrected itself. It’s a bit concerning not knowing the full extent of the impact.
Crypto is built for AI agents, not humans, says Alchemy’s CEO
13 hours ago
Trump defends crypto legislation at private event featuring boxer Mike Tyson, Tether CEO
13 hours ago
BlackRock’s bitcoin ETF just hit a massive milestone that proves crypto is now a mainstream bet
14 hours ago
How Anthropic’s Mythos model is forcing the crypto industry to rethink everything about security
15 hours ago
Bitcoin falls after Trump reportedly canceled Steve Witkoff and Jared Kushner’s Iran-talks trip
16 hours ago
Mike Tyson, Tether CEO, Cathie Wood among speakers at Trump’s ‘most exclusive’ crypto conference
17 hours ago
Clock is ticking for bitcoin to prevent quantum threat as it could drain 6.9 million BTC including Satoshi’s
22 hours ago
Coinbase’s Jesse Pollak says AI agents are the next big wave for crypto payments
19 hours ago
U.S. CFTC adds New York to string of states its suing to stop prediction market pushback
Apr 24, 2026
Michael Saylor says the bitcoin winter is over. Some experts agree, with caveats.
Apr 24, 2026
Bitcoin at $40,000 would be ‘near-unprecedented’ statistical outcome, analyst says
17 hours ago
SpaceX’s $75 billion IPO could drain the liquidity that’s helping lift bitcoin and crypto
Apr 24, 2026
In this article
LTCLTC$56.32◢0.29%Read More
- All Itzaland Animal Locations in Infinity Nikki
- NBA 2K26 Season 6 Rewards for MyCAREER & MyTEAM
- Makoto Kedouin’s RPG Developer Bakin sample game is now available for free
- Gold Rate Forecast
- Paramount CinemaCon 2026 Live Blog – Movie Announcements Panel for Sonic 4, Street Fighter & More (In Progress)
- Where Winds Meet’s new Hexi expansion kicks off with a journey to the Jade Gate Pass in version 1.4
- Vibe Out With Ghost Of Yotei’s Watanabe Mode Music While You’re Stuck At Work
- What is Managed Democracy? A Helldivers Guide
- Katanire’s Yae Miko Cosplay: Genshin Impact Masterpiece
- This Capcom Fanatical Bundle Is Perfect For Spooky Season
2026-04-26 11:50