- A zero-day vulnerability in the MimbleWimble Extension Block (MWEB) privacy layer allowed attackers to reorganize the network. Litecoin.
- Fork lasted for three hours and resulted in double spending, the total amount of which is unknown.
Saturday Litecoin suffered a network reorganization after attackers exploited a zero-day vulnerability related to the MimbleWimble Extension Block (MWEB) privacy layer, according to account Litecoin Foundation on social networks.
According to the Foundation, the bug allowed mining nodes running outdated software to validate invalid MWEB transactions, allowing those who created them to lock coins in the privacy extension and route them to third-party decentralized exchanges. Furthermore, large mining pools suffered a DDoS attack related to the same vulnerability.
Aurora Labs CEO Alex Shevchenko call this is a “coordinated attack.” He noted that fork The attack affected blocks 3,095,930 to 3,095,943 and lasted over three hours, during which the attackers carried out double-spend attacks against several exchange protocols that accepted the now-inactive MWEB transactions.
The Foundation’s statement emphasized that the malicious transactions had been erased from history. Litecoin, while actual transactions during the specified period remained unaffected. The fund also stated that the vulnerability has been fully resolved, although some trading platforms were affected by the incident.
The damage from NEAR Intents reached approximately 600 thousand dollars, wrote Shevchenko on social media: “We recommend all LTC trading platforms conduct transaction and asset audits. We see many double-spending transactions.”
Saturday’s incident is the first known attack on MWEB since Litecoin activated the privacy extension via a soft fork in May 2022. MWEB allows users to move LTC from the transparent core network to the confidential sidechain via peg-in and peg-out transactions, with the extension responsible for verifying the preservation of coins between the two layers in each block.
A bug that creates a seemingly valid but unauthorized block allows an attacker to mint LTC on the main chain until legitimate nodes reject the problematic block. The number of invalid MWEB transactions is currently unknown.
Risk Warning:
The information on this website is for informational and educational purposes only and does not constitute investment advice or financial recommendations. Cryptocurrencies and digital assets carry a high level of risk, including possible loss of capital. The editors are not responsible for decisions made based on the published materials. It is recommended that you conduct your own research (DYOR) before making investment decisions. Read the editorial policy. https://happycoin.club/about/