Litecoin underwent a deep chain reorganization on Saturday after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according to the Litecoin Foundation. The incident resulted in a three-hour reorg that erased invalid transactions from the network’s history while preserving valid transactions from the affected period.
Technical Details of the Exploit
The vulnerability allowed mining nodes running older software to validate an invalid MWEB transaction, enabling attackers to peg coins out of the privacy extension and route them to third-party decentralized exchanges, the Foundation stated. The bug produced what appeared to be a valid peg-out, effectively allowing attackers to summon LTC onto the main chain until honest nodes rejected the offending block.
Major mining pools were also targeted with a denial-of-service attack tied to the same flaw.
Attack Timeline and Scope
Aurora Labs CEO Alex Shevchenko characterized the incident as a “coordinated attack” in a social media post. According to Shevchenko, the fork ran from block 3,095,930 to 3,095,943 and took more than three hours to produce. During this window, attackers performed double-spend attacks against multiple cross-chain swapping protocols that had accepted the now-orphaned MWEB peg-outs.
Financial Impact
Shevchenko reported that the exposure for NEAR Intents was approximately $600,000. He recommended that all trading venues for LTC audit their transactions and holdings, noting the presence of numerous double-spend transactions. The Litecoin Foundation did not disclose the total amount of LTC created by the invalid MWEB transactions, nor did it name the affected mining pools.
Some trading venues reported losses from the incident, though specific figures were not provided in the Foundation’s statement.
Resolution and Security Status
The Foundation emphasized that offending transactions were ultimately erased from Litecoin’s history. The vulnerability has been fully patched according to the Foundation’s announcement.
Market Response and Context
LTC traded near $56.00 around 4:30 p.m. ET on Saturday, down approximately 1% on the day, showing no immediate market reaction to the disclosure. The token is down nearly 25% year-to-date.
Historical Significance
Saturday’s incident marks the first known attack targeting MWEB since Litecoin activated the privacy extension via soft fork in May 2022. MWEB enables users to move LTC from the transparent base chain into a confidential side-chain through peg-in and peg-out transactions, with the extension responsible for validating coin conservation between the two layers each block.
Broader Security Context
The incident occurs during a challenging period for cryptocurrency security. DeFi protocols have lost over $750 million to exploits in 2026 through mid-April, including a $292 million Kelp DAO bridge drain on April 19 and a $285 million attack on Solana-based perpetuals platform Drift on April 1. Most of those incidents involved cross-chain infrastructure, the same surface reportedly used by the Litecoin attackers to extract their gains before the network reorg.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Brazil Bans Polymarket, Kalshi in Prediction Market Crackdown
Brazil has enacted a sweeping ban on prediction markets and betting platforms, including the two leading platforms Polymarket and Kalshi, according to local media and government filings. The Banco Central do Brasil issued a resolution prohibiting the platforms due to non-compliance with local
CryptoFrontier1h ago
Polish Crypto Exchange Zondacrypto CEO Flees to Israel as $97M Fraud Probe Deepens
Polish prosecutors have opened a fraud investigation into cryptocurrency exchange Zondacrypto after chief executive Przemysław Kral departed for Israel, where his citizenship could prevent extradition, leaving up to 30,000 users facing losses tied to an inaccessible cold wallet holding 4,500
Coinpedia3h ago
US Sanctions Iran-Linked Crypto Wallets Holding $344M Frozen by Tether
U.S. Treasury Secretary Scott Bessent announced sanctions on multiple wallets linked to Iran as part of President Donald Trump's efforts to increase economic pressure on the country, according to CNN. The move follows Tether's freeze of $344 million in USDT on Tron, which has been linked to
CryptoFrontier4h ago
CFTC Sues New York as 38 AGs Back Kalshi Prediction Market Ban
New York Attorney General Letitia James joined a bipartisan coalition of 37 other attorneys general and the District of Columbia on Friday in urging Massachusetts' top court to uphold a preliminary injunction against prediction market platform Kalshi, while the U.S. Commodity Futures Trading Commiss
CryptoFrontier5h ago
CFTC sues New York State: Defend the federal exclusive jurisdiction over prediction markets
CFTC4/24 filed a lawsuit against the State of New York in the U.S. Federal Court for the Southern District of New York, arguing that the event contracts are subject to federal exclusive jurisdiction, and seeking a permanent injunction to stop state law from interfering with CFTC-registered entities. The core issue is field preemption; if they win, Polymarket, Kalshi, and others in the U.S. will have compliance and market positioning dominated by the federal framework, and the influence of state law will be weakened.
ChainNewsAbmedia6h ago
North Korean IT Workers Laptop Farm Scam: US Co-Conspirator Sentenced to 7–9 Years, Netting $2.8 Billion Over Two Years
Fortune reported that North Korea used laptop farms inside the United States, generating about $2.8 billion in revenue over two years to support nuclear weapons; annual tribute is $250–600 million. The U.S. citizen suspects Kejia Wang and Zhenxing Wang were each sentenced to 7.5 years and 9 years, respectively, for involvement exceeding 100 companies and 80 cases of identity theft. North Korea operated in the U.S. using U.S. identities and fixed devices, with funds mostly being converted via cryptocurrencies. Experts warn that an accomplice network still exists inside the country, and companies must strengthen identity verification, address tracking, and time zone/IP analysis.
ChainNewsAbmedia7h ago
