April 29, 2026 ChainGPT

MWEB bug let attacker mint 85,034 LTC; Litecoin recovers funds as April 13-block reorg causes losses

Litecoin developers have disclosed a serious bug in the Mimblewimble Extension Block (MWEB) implementation that was exploited in March 2026 and again prompted disruption in April. The incidents exposed a missing validation step in the MWEB block connection path, led to emergency miner coordination and software patches, and caused third-party losses during a subsequent chain reorganization.

What happened

- March exploit (block 3,073,882): An attacker included malformed MWEB data that made a tiny real input (no more than 1.2084693 LTC) appear able to peg out 85,034.47285734 LTC to the transparent Litecoin chain. The inflated outputs were sent to a transparent address and split into three outpoints.
- April event (beginning at block 3,095,931): A later attempt to reuse the same exploit path was rejected by upgraded nodes but exposed a separate “mutated-block” handling bug. That produced a denial-of-service failure mode for upgraded miners and allowed an invalid 13-block chain (through block 3,095,943) to be extended by miners that had not upgraded.

Root cause (technical)

- MWEB inputs must supply metadata that matches the referenced MWEB UTXO so nodes can validate balances and spends. That metadata check existed in the mempool and block-construction code paths but was not fully enforced during block connection. The gap allowed a malicious block producer (or someone controlling a miner) to include an input whose metadata did not match the actual UTXO, enabling an inflated pegout.

Emergency response and recovery

- Developers privately coordinated with major mining pools to stop further exploit blocks while avoiding alerting the actor before containment.
- Two emergency miner-focused releases, Litecoin Core 0.21.5 and 0.21.5.1, were deployed. The latter added a historical exception for the already-accepted exploit block and temporarily rejected spends of the three attacker-controlled transparent outputs.
- The attacker attempted to spend at least one frozen output; upgraded miners rejected that transaction. Developers contacted the actor, who agreed to sign a recovery transaction returning almost all funds in exchange for an 850 LTC bounty.
- The recovery transaction paid 84,184.47278630 LTC to a recovery address and 850.00000000 LTC to an actor-controlled address. Developer Charlie purchased 850 LTC to cover the bounty shortfall. The full 85,034.47285734 LTC was pegged back into MWEB at block 3,078,098, with the resulting MWEB output frozen to restore internal supply balance.
- Litecoin developers say no confirmed user funds were lost as a result of the March incident, though the response required emergency coordination and special-case handling.

April DoS and reorg details

- During the April attempt, upgraded nodes rejected malformed MWEB data but could retain mutated serialized MWEB body data for a block hash labeled “BLOCK_MUTATED.” That stored bad data interfered with later valid block processing and mining RPC flows (e.g., submitblock), producing a DoS-like failure for upgraded miners.
- Unupgraded miners continued extending the invalid chain until upgraded miners coordinated and overtook it. The invalid fork produced 13 bad blocks before being reorged out. Litecoin developers stressed this was not a rollback of valid history but removal of an invalid chain produced by nodes that had not enforced the MWEB fixes.

Third-party impacts

- The April reorg had real-world consequences for some services:
  - NEAR Intents processed a swap of 11,000 LTC for 7.78814476 BTC that was later removed from the valid chain, producing a “large loss.”
  - THORChain saw an attacker swap 10 LTC for 0.00719957 BTC before the Litecoin side was invalidated by the reorg.
- Other attempted swaps were prevented, and developers are still collecting final third-party loss amounts and transaction IDs.
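The root-cause section above describes a check that ran when a transaction entered the mempool and when a miner built a block, but not when a node connected a block it received. The toy model below is an added illustration of that gap and is not Litecoin Core code: the class names (`MwebUtxo`, `MwebInput`, `MwebTx`), the litoshi amounts and the simplified balance rule are assumptions constructed for the example, and the real MWEB commitment and range-proof machinery is reduced to a single "claimed amount must equal the UTXO amount" comparison. It runs the same malicious pegout through all three paths and shows that only the path missing the metadata check accepts it.

```python
"""Toy model of the MWEB input-metadata check (constructed example, not Litecoin Core).

Amounts are in litoshis (1 LTC = 100_000_000). The malicious transaction uses the
article's figures: a real input of at most 1.2084693 LTC claiming to be worth
85,034.47285734 LTC so that a pegout of that size balances on paper.
"""
from dataclasses import dataclass

LITOSHI = 100_000_000


@dataclass(frozen=True)
class MwebUtxo:          # hypothetical: an unspent MWEB output known to the node
    commitment: str      # identifier of the output
    amount: int          # true value recorded in the UTXO set


@dataclass(frozen=True)
class MwebInput:         # hypothetical: an input as it appears in a transaction
    commitment: str      # which MWEB UTXO it spends
    claimed_amount: int  # metadata supplied by the spender; must match the UTXO


@dataclass(frozen=True)
class MwebTx:            # hypothetical: a transaction that pegs value out of MWEB
    inputs: tuple
    pegout_amount: int   # value released to the transparent chain


class ValidationError(Exception):
    pass


def check_input_metadata(utxo_set: dict, tx: MwebTx) -> None:
    """The check that was missing from block connection: metadata must match the UTXO."""
    for inp in tx.inputs:
        utxo = utxo_set.get(inp.commitment)
        if utxo is None:
            raise ValidationError(f"unknown input {inp.commitment}")
        if utxo.amount != inp.claimed_amount:
            raise ValidationError("input metadata does not match referenced UTXO")


def check_balance(tx: MwebTx) -> None:
    """Balance rule that trusts the claimed amounts; only safe if metadata was verified."""
    total_in = sum(inp.claimed_amount for inp in tx.inputs)
    if tx.pegout_amount > total_in:
        raise ValidationError("pegout exceeds inputs")


def accept_to_mempool(utxo_set: dict, tx: MwebTx) -> None:
    check_input_metadata(utxo_set, tx)   # enforced here (and at block construction)
    check_balance(tx)


def connect_block_vulnerable(utxo_set: dict, block_txs: list) -> None:
    """Block-connection path with the gap: balance is checked, metadata is not."""
    for tx in block_txs:
        check_balance(tx)


def connect_block_fixed(utxo_set: dict, block_txs: list) -> None:
    """Block-connection path that enforces the same metadata check as the mempool."""
    for tx in block_txs:
        check_input_metadata(utxo_set, tx)
        check_balance(tx)


def _outcome(fn, *args) -> str:
    try:
        fn(*args)
        return "accepted"
    except ValidationError:
        return "rejected"


def demo() -> dict:
    # Constructed UTXO set: one real output worth 1.2084693 LTC.
    utxo_set = {"c1": MwebUtxo("c1", 120_846_930)}
    inflated = 8_503_447_285_734          # 85,034.47285734 LTC in litoshis
    malicious = MwebTx((MwebInput("c1", inflated),), pegout_amount=inflated)
    honest = MwebTx((MwebInput("c1", 120_846_930),), pegout_amount=1 * LITOSHI)
    return {
        "mempool": _outcome(accept_to_mempool, utxo_set, malicious),
        "connect_vulnerable": _outcome(connect_block_vulnerable, utxo_set, [malicious]),
        "connect_fixed": _outcome(connect_block_fixed, utxo_set, [malicious]),
        "honest_connect_fixed": _outcome(connect_block_fixed, utxo_set, [honest]),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is that a transaction never has to pass through the mempool: a miner (or anyone who controls one) can put it directly into a block, so every rule the mempool enforces must be enforced again at block connection or it is not a consensus rule at all.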
Follow-up fixes and guidance

- Litecoin Core 0.21.5.4 (released April 25) addressed the mutated-block DoS by erasing stored block data classified as mutated so valid data for the same block hash can be accepted later.
- Users, miners, exchanges and services were urged to upgrade to Litecoin Core 0.21.5.4 or later and verify nodes are syncing normally.

Market note

- At press time LTC was trading at $55.95.

Bottom line

The incidents highlight the complexity and risk around optional privacy-layer code like MWEB and the importance of end-to-end validation in all block-processing paths. Quick coordination between developers and miners recovered the March exploit funds, but the follow-on DoS and reorg in April caused notable third-party losses and underscored the need for prompt upgrades.
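The April DoS and the 0.21.5.4 fix above describe a storage problem rather than a validation problem: a body rejected as mutated was still kept under its block hash, and that stale record shadowed a later valid body for the same hash. The block store below is an added illustration of that failure mode and of the erase-on-mutation fix; it is not Litecoin Core code. The `BlockStore` class, its status labels and the use of a SHA-256 of the serialized body as the "block hash" are constructed simplifications (the real check compares the MWEB body against the commitment in the block header).

```python
"""Toy block store showing why mutated block data must not be retained (constructed example).

In this model a block body is "mutated" when its hash does not match the hash it was
submitted under. The store keeps received bodies keyed by block hash and, like the
described bug, does not re-process a hash it already holds data for.
"""
import hashlib

BLOCK_MUTATED = "BLOCK_MUTATED"   # label from the article for a rejected, tampered body
BLOCK_VALID = "BLOCK_VALID"       # hypothetical label for an accepted body


def body_hash(body: bytes) -> str:
    """Stand-in for the header/body commitment check: SHA-256 of the serialized body."""
    return hashlib.sha256(body).hexdigest()


class BlockStore:
    def __init__(self, erase_mutated: bool):
        self.erase_mutated = erase_mutated   # False = buggy behaviour, True = fix
        self.bodies = {}                     # block hash -> serialized body on disk
        self.status = {}                     # block hash -> BLOCK_MUTATED / BLOCK_VALID

    def submit(self, block_hash: str, body: bytes) -> str:
        # A hash we already hold data for is not processed again. With a stale
        # mutated record this is exactly what blocks the later valid submission
        # (the submitblock-style failure described in the article).
        if block_hash in self.bodies:
            return "ignored:" + self.status[block_hash]

        self.bodies[block_hash] = body       # stored before the body is fully validated
        if body_hash(body) != block_hash:
            self.status[block_hash] = BLOCK_MUTATED
            if self.erase_mutated:
                # Modelled fix: drop the bad data so a valid body for the same
                # hash can be accepted later.
                del self.bodies[block_hash]
                del self.status[block_hash]
            return "rejected:" + BLOCK_MUTATED

        self.status[block_hash] = BLOCK_VALID
        return "accepted"


def replay_block_submissions(erase_mutated: bool) -> tuple:
    """Feed a mutated body first, then the genuine body, for the same block hash."""
    genuine = b"constructed serialized block body"
    h = body_hash(genuine)
    mutated = genuine + b"\x00"              # same claimed hash, tampered payload
    store = BlockStore(erase_mutated)
    first = store.submit(h, mutated)
    second = store.submit(h, genuine)
    return first, second


if __name__ == "__main__":
    print("buggy:", replay_block_submissions(erase_mutated=False))
    print("fixed:", replay_block_submissions(erase_mutated=True))
```

With `erase_mutated=False` the genuine body is ignored because the hash is already "known", which is the DoS: an honest miner's valid block for that hash can never be accepted by the node. With `erase_mutated=True` the second submission is accepted. The defensive rule generalizes beyond MWEB: data that failed validation should never be cached in a way that gates acceptance of later data for the same key.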