Litecoin Rewrites Three Hours of History Following a Planned Attack on Its Privacy Layer
TLDR
- Litecoin experienced a zero-day flaw leading to a 13-block chain reorganization on Saturday.
- Attackers leveraged the MimbleWimble Extension Block (MWEB) privacy feature to submit invalid transactions.
- Updated mining pools were targeted by a denial-of-service attack, briefly reducing their computational power.
- Funding from a Binance-linked wallet indicates the assault was coordinated, with some experts questioning if it was a genuine zero-day.
- The flaw is now fixed; legitimate transactions were untouched, but certain exchanges incurred losses, such as an estimated $600,000 for NEAR Intents.
(SeaPRwire) – Litecoin faced a significant security breach on Saturday when assailants utilized a previously unknown vulnerability in its MimbleWimble Extension Block privacy system, marking the first successful attack on the feature since its 2022 introduction.
Litecoin update:
• A zero-day bug caused a DoS attack that disrupted major mining pools.
• Non-updated mining nodes allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX’s
• A 13-block reorg reversed those invalid transactions — they will not…— Litecoin (@litecoin) April 25, 2026
The vulnerability permitted outdated mining nodes to accept a fraudulent transaction, enabling attackers to move coins out of the privacy layer and direct them to decentralized exchanges and cross-chain swapping services.
Concurrently, mining pools operating with the latest software were subjected to a denial-of-service attack. This briefly disabled their hashing power, allowing older nodes to dominate the network.
When the denial-of-service attack ceased, the updated nodes took back control and performed a 13-block chain reorganization. This action erased the invalid transactions, removing over three hours of modified activity from Litecoin’s ledger.
The Litecoin Foundation verified that all proper transactions from that time frame are still intact on the primary chain. The development team stated the security hole has been completely addressed.
The forked chain persisted from block 3,095,930 to 3,095,943 for more than three hours. In this period, attackers performed double-spend attacks on several cross-chain swap protocols that had accepted the subsequently invalidated transfers.
Aurora Labs CEO Alex Shevchenko characterized the event as a “coordinated attack.” He also highlighted that a Binance wallet had financed the attacker days prior, indicating advanced planning.
Developers Question “Zero-Day” Label
Shevchenko contended the flaw might not qualify as a true zero-day. He observed that since the network automatically managed the reorganization after the denial-of-service ended, a portion of the mining power must have already been operating on patched software.
“This bug was known, and it’s not a zero-day,” Shevchenko posted on X.
Blockchain developer Vadim further noted that the precise timing and focus of the attack signaled a purposeful operation rather than a haphazard exploit.
Losses Reported Across Trading Venues
Shevchenko approximated that NEAR Intents suffered a loss near $600,000. He advised all platforms processing Litecoin to review their transaction logs and asset balances.
The Litecoin Foundation did not identify the affected mining pools or reveal the quantity of fraudulently created Litecoin.
Litecoin was trading around $56.00 at approximately 4:30 p.m. ET on Saturday, showing a roughly 1% daily decline without a severe market response to the news. The asset has fallen nearly 25% since the start of the year.
This incident fits into a wider trend of cryptocurrency security breaches in 2026. Decentralized finance protocols have surrendered over $750 million to exploits by mid-April, encompassing a $292 million drain from the Kelp DAO bridge on April 19 and a $285 million attack on the Solana-based Drift perpetuals platform on April 1.
Cross-chain infrastructure served as the common vulnerability in these cases, including Saturday’s Litecoin incident.
This article is provided by a third-party content provider. SeaPRwire (https://www.seaprwire.com/) makes no warranties or representations regarding its content.
Category: Top News, Daily News
SeaPRwire provides global press release distribution services for companies and organizations, covering more than 6,500 media outlets, 86,000 editors and journalists, and over 3.5 million end-user desktop and mobile apps. SeaPRwire supports multilingual press release distribution in English, Japanese, German, Korean, French, Russian, Indonesian, Malay, Vietnamese, Chinese, and more.