Litecoin's first security incident: MWEB exploit triggers 13-block reorg and $600K loss

Litecoin's 14-year zero-incident record is over

On April 25, 2026, Litecoin experienced its first-ever chain reorganization caused by an exploit. A zero-day vulnerability in the MWEB (MimbleWimble Extension Blocks) validation code allowed an attacker to stall updated mining nodes, causing the network to rewind 13 blocks — approximately 32 minutes of transaction history. The fork stretched from block 3,095,930 to block 3,095,943 and took over three hours to fully resolve.

This was not a paper exploit from an academic PDF; the loss was real. NEAR Intents, a cross-chain protocol, lost 11,000 LTC (approximately $600,000) that was swapped for 7.78 BTC during the reorg window, in a swap that had 6+ confirmations. The transactions that were confirmed on the original chain were invalidated when the network switched to the attacker's chain.

For a network that had operated for 4,900+ consecutive days without a single security incident, hack, or rollback, this was a watershed moment. The question is not just what happened — it is what it means for Litecoin's security narrative going forward.

Timeline: two incidents, one root cause

| Date | Event | Impact |
|---|---|---|
| March 2026 | Attacker exploits MWEB validation bug to fabricate an 85,034 LTC pegout | Inflation bug — fake LTC created from MWEB extension block |
| March 19-26 | Litecoin Core devs privately patch the inflation bug | Consensus fix deployed silently. No public disclosure. |
| April 25 AM | Separate DoS vulnerability patched (mining node stall) | Miners running updated nodes could be stalled |
| April 25 PM | Attacker triggers 13-block reorg using the DoS vector | 32 minutes of transactions reversed. 11,000 LTC lost by NEAR Intents |
| April 25 evening | Litecoin Core v0.21.5.4 released | Both bugs patched in emergency release |
| April 26 | CoinDesk reveals GitHub commit history shows the patch was not a rapid response — code was committed weeks earlier | Disclosure timeline questioned |
| April 29 | Network confirmed stable, no further exploits | Litecoin Core postmortem published |

What actually happened: the technical breakdown

The inflation bug (March)

MWEB allows users to peg LTC into extension blocks for confidential transactions. When pegging out (moving LTC back to the transparent chain), the node must verify that the MWEB output being spent actually exists and matches the claimed amount. The bug: a missing metadata check during block connection. When an MWEB input spent a previous output, the metadata it carried was not verified against the actual UTXO being consumed.

This allowed the attacker to fabricate an 85,034 LTC pegout — creating LTC that did not exist. The inflation was detected and the consensus fix was privately deployed between March 19-26. The fake LTC was frozen before it could be spent on exchanges.
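
The check described above, as an added example (a simplified Python model, not Litecoin Core code): block connection looks up each spent output and, in the hardened path, rejects any input whose carried metadata differs from the stored UTXO. The `Utxo` and `Input` fields and all values are hypothetical; real MWEB outputs hide amounts behind commitments, which this model reduces to plain fields.

```python
# Added illustration: a simplified model, not Litecoin Core code.
# Field names and every value below are hypothetical / constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Utxo:
    output_id: str
    amount: int        # value in smallest units
    commitment: str    # stand-in for the output's cryptographic metadata

@dataclass(frozen=True)
class Input:
    output_id: str     # which UTXO is being spent
    amount: int        # metadata the input carries about that UTXO
    commitment: str

class ValidationError(Exception):
    """Raised when a block's inputs must not be connected."""

def connect_inputs(utxo_set, inputs, verify_metadata=True):
    """Spend inputs against utxo_set and return the total value released.
    verify_metadata=False models the missing check the article describes."""
    total, spent = 0, set()
    for inp in inputs:
        utxo = utxo_set.get(inp.output_id)
        if utxo is None or inp.output_id in spent:
            raise ValidationError(f"missing or double-spent output {inp.output_id}")
        carried = (inp.amount, inp.commitment)
        if verify_metadata and carried != (utxo.amount, utxo.commitment):
            raise ValidationError(f"input metadata does not match UTXO {inp.output_id}")
        spent.add(inp.output_id)
        total += inp.amount            # value is taken from what the input claims
    for output_id in spent:            # mutate the set only after every input passed
        del utxo_set[output_id]
    return total

def demo():
    utxos = {"out-1": Utxo("out-1", 1_000, "c1")}   # constructed sample UTXO set
    forged = Input("out-1", 5_000, "c1")            # claims 5x the stored value
    inflated = connect_inputs(dict(utxos), [forged], verify_metadata=False)
    try:
        connect_inputs(dict(utxos), [forged])
        rejected = False
    except ValidationError:
        rejected = True
    return inflated, rejected
```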

The DoS + reorg attack (April 25)

A separate but related vulnerability: the validation fix that patched the inflation bug caused updated mining nodes (running the patched code) to reject blocks that older nodes accepted. The attacker exploited this asymmetry:

  1. Submit a block containing invalid MWEB data that updated nodes would reject
  2. Updated miners stall — they cannot build on a block they consider invalid
  3. Older (unpatched) nodes continue mining on the invalid chain
  4. The attacker mines 13 blocks on the invalid chain while updated miners are stalled
  5. When the network resolves the fork, 13 blocks of "valid" transactions on the correct chain are reversed

The result: a 13-block reorganization. Transactions that were confirmed on the legitimate chain — including NEAR Intents' 11,000 LTC swap — were rolled back as if they never happened.

War story — the 32 minutes that rewrote history: NEAR Intents executed a cross-chain swap: 11,000 LTC for 7.78 BTC. The LTC transaction was confirmed on-chain — 6+ confirmations, well past the threshold most protocols consider final. Then the reorg hit. The 13-block rollback erased those confirmations. The LTC was returned to the sender (the attacker's chain won), but the BTC on the other side of the swap was already settled on Bitcoin's chain — irreversible. NEAR Intents lost $600,000 because they trusted Litecoin's finality during a window where finality was temporarily broken. This is the nightmare scenario that exchange confirmation requirements are designed to prevent — and it happened on a chain with a 14-year perfect record.
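
An added example (not code from the article, Litecoin Core or NEAR Intents) of the defensive side of this failure: a monitor that measures reorg depth from the node's best-chain headers and reports zero confirmations for a deposit whose block was orphaned. Block hashes and the txid are constructed, and treating block 3,095,930 as the last common block is an assumption.

```python
# Added illustration, not Litecoin Core or NEAR Intents code.
# Hashes and the txid are constructed; FORK_BASE as last common block is assumed.
FORK_BASE = 3_095_930

class ReorgMonitor:
    """Tracks the node's active chain and measures how deep each reorg cuts."""

    def __init__(self):
        self.active = {}          # height -> hash of the block on the best chain
        self.deposits = {}        # txid -> (height, block hash) where it confirmed
        self.max_reorg_depth = 0

    def update(self, headers):
        """headers: ascending (height, hash) pairs of the current best chain.
        Returns how many previously active blocks were replaced or dropped."""
        tip = headers[-1][0]
        orphaned = {h for h, bh in headers if self.active.get(h, bh) != bh}
        stale = {h for h in self.active if h > tip}
        for h in stale:
            del self.active[h]
        self.active.update(headers)
        depth = len(orphaned | stale)
        self.max_reorg_depth = max(self.max_reorg_depth, depth)
        return depth

    def confirmations(self, txid):
        """Confirmations on the active chain; 0 if the tx's block was orphaned."""
        height, block_hash = self.deposits[txid]
        if self.active.get(height) != block_hash:
            return 0
        return max(self.active) - height + 1

    def may_release(self, txid, min_conf):
        """Gate for paying out the irreversible leg of a swap."""
        return self.confirmations(txid) >= min_conf

def replay_constructed_fork():
    mon = ReorgMonitor()
    base = [(FORK_BASE, "base")]
    mon.update(base + [(FORK_BASE + i, f"orig-{i}") for i in range(1, 14)])
    mon.deposits["swap-tx"] = (FORK_BASE + 7, "orig-7")
    before = mon.confirmations("swap-tx")             # depth on the original chain
    released_at_6 = mon.may_release("swap-tx", 6)     # what a 6-conf policy decides
    depth = mon.update(base + [(FORK_BASE + i, f"alt-{i}") for i in range(1, 15)])
    return before, released_at_6, depth, mon.confirmations("swap-tx")
```

Comparing `max_reorg_depth` with the confirmation threshold in use shows whether a payout gate would have held during the observed fork.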

The disclosure controversy

CoinDesk's investigation revealed that the GitHub commit history showed the inflation bug was patched weeks before the April 25 attack — not in real-time response to it. The Litecoin Foundation's initial framing suggested a rapid response, but the commits were dated March 19-26.

This raises uncomfortable questions:

  • Responsible disclosure vs transparency: silently patching a consensus bug is standard practice in cryptocurrency development (Bitcoin Core has done this multiple times). The logic: disclosing the bug before miners upgrade creates a window for exploitation. But the silent patch created its own vulnerability — the DoS vector that enabled the April reorg
  • The 4-week gap: between the private patch (March 26) and the public attack (April 25), there were four weeks where the bug was known internally but not publicly disclosed. During that window, some miners upgraded and some did not — creating the chain split conditions the attacker exploited
  • Should MWEB have been audited more thoroughly? The MWEB code was reviewed before activation in May 2022, but the inflation bug survived for nearly four years undetected. This suggests the audit scope was insufficient for the complexity of the MimbleWimble protocol

What this means for Litecoin's security narrative

For 14 years, Litecoin's pitch included "100% uptime, zero hacks, zero rollbacks." That claim is now false. The network experienced a consensus-level exploit, a chain reorganization, and real financial losses. The network security guide we published emphasized hashrate as the primary security measure — but this exploit had nothing to do with hashrate. It was a software bug in the MWEB validation code.

What the incident does NOT mean:

  • Litecoin is not "broken": the bug has been patched. Litecoin Core v0.21.5.4 fixes both the inflation vulnerability and the DoS vector. The network is stable as of April 29
  • Base layer (non-MWEB) transactions were not affected: the vulnerability was specific to MWEB extension block validation. Standard LTC transactions on the transparent chain were not directly vulnerable to inflation
  • The hashrate and mining security model is intact: this was not a 51% attack. The 3.34 PH/s hashrate, merged mining with Dogecoin, and difficulty adjustment all functioned correctly. The attack exploited a code bug, not a consensus mechanism flaw

What the incident DOES mean:

  • MWEB added attack surface: the privacy feature introduced code complexity that contained a critical bug for nearly 4 years. The trade-off between privacy and code simplicity is real
  • Exchange confirmation requirements may increase: exchanges that accepted 2-6 LTC confirmations may increase requirements to 12-20 post-reorg, slowing deposit times. ChangeNOW's 2-confirmation policy is now questionable
  • Cross-chain protocols are vulnerable: NEAR Intents' $600K loss demonstrates that cross-chain swaps trusting altcoin finality carry real counterparty risk. This may affect LitVM bridge design
  • "Zero incidents" was always a misleading metric: it meant "no incidents YET." Every complex software system has bugs. The question was never whether Litecoin would have an incident — it was how quickly and transparently the team would respond. The response was technically competent (bug patched within hours of the attack) but the disclosure timeline was questionable

What to do if you hold LTC

  • Update your node: if you run a Litecoin full node, update to v0.21.5.4 immediately. Older versions are vulnerable
  • Check MWEB balances: if you had LTC in MWEB during the March-April window, verify your balances on the current chain. The inflation bug has been patched but check your holdings
  • Increase confirmation requirements: if you accept LTC payments, consider requiring 12+ confirmations for large amounts until confidence in post-patch stability is established. Check our fee tracker for current confirmation times
  • Monitor for follow-up incidents: the first weeks after a major patch are when secondary bugs are most likely to surface. Track network health on our on-chain dashboard and mining dashboard

Frequently asked questions

Was Litecoin hacked?

A zero-day vulnerability in MWEB validation code was exploited, causing a 13-block chain reorganization on April 25, 2026. An earlier inflation bug (March 2026) allowed an attacker to fabricate 85,034 fake LTC. Both bugs have been patched in Litecoin Core v0.21.5.4. This was the first security incident in Litecoin's 14-year history.

Did anyone lose money?

Yes. NEAR Intents lost approximately 11,000 LTC ($600,000) in a cross-chain swap that was reversed by the 13-block reorganization. The fabricated 85,034 LTC from the inflation bug was frozen before it could be traded on exchanges.

Is Litecoin safe to use now?

The network has been stable since April 29, 2026, with the patched v0.21.5.4 release. The inflation and DoS vulnerabilities are fixed. However, users should update their node software, and merchants should consider higher confirmation requirements for large transactions until extended post-patch stability is confirmed.

Does this affect MWEB privacy features?

The bug was in MWEB validation code, not in the privacy protocol itself. MWEB confidential transactions still function as designed. However, the incident demonstrates that MWEB added significant code complexity and attack surface to Litecoin's consensus layer. Future MWEB updates will likely undergo more rigorous auditing.

Jarosław Wasiński
Editor-in-chief · Crypto, forex & macro market analyst

Independent analyst and practitioner with over 20 years of experience in the financial sector. Actively involved in forex and cryptocurrency markets since 2007, with a focus on fundamental analysis, OTC market structure, and disciplined capital risk management. Creator of MyBank.pl (est. 2004) and Litecoin.watch — platforms delivering reliable, data-driven financial content. Author of hundreds of in-depth market commentaries, structural analyses, and educational materials for crypto and forex traders.

  • 20+ years in financial markets
  • Active forex & crypto trader since 2007
  • Founder of MyBank.pl (2004) & Litecoin.watch (2014)
  • Specialist in fundamental analysis & risk management