Litecoin Postmortem: MWEB Bug Let Attacker Fake 85,034 LTC Pegout Before Devs Froze Funds


Litecoin developers published a postmortem on Tuesday confirming two related security incidents tied to a critical Mimblewimble Extension Block (MWEB) validation bug that allowed an attacker to fabricate an 85,034 LTC pegout in March 2026 and later trigger a 13-block chain reorganization in April that hit Thorchain and NEAR Intents.

Key Takeaways:

  • A Litecoin MWEB validation bug let an attacker inflate and peg out 85,034 LTC in March 2026, but the actor returned the funds for an 850 LTC bounty.
  • An April 2026 exploit attempt triggered a 13-block chain reorg, causing NEAR Intents to lose 11,000 LTC swapped for 7.78 BTC.
  • Litecoin Core v0.21.5.4 patches both the inflation bug and the mining node stall that enabled the April reorg.

Litecoin Developers Release Postmortem After MWEB Bug Causes Chain Reorg

The postmortem identified the root cause as a missing metadata check during block connection. When an MWEB input spends a previous output, the metadata it carries must match the actual UTXO being consumed. That check existed in the mempool and block-building paths, but developers confirmed it was not fully enforced at the block connection stage.

Developers discovered the vulnerability through internal review on March 19. A chain scan showed exploitation had already occurred at block 3,073,882. The attacker used a malicious MWEB input whose actual value was no more than 1.2084693 LTC to support a pegout of 85,034.47285734 LTC.
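To make the root cause concrete, here is a simplified model of the block-connection check the postmortem describes. It is an added illustration, not Litecoin Core's code: an MWEB input is modelled as carrying its own value as metadata, and the two connect paths differ only in whether that claimed value is re-derived from the UTXO set. The data shapes, function names and the pegout accounting are assumptions made for the example; the two amounts are the figures from the postmortem.

```python
"""Model of 'input metadata must match the consumed UTXO' at block connection.

Added example, not Litecoin Core's implementation. Amounts are in base units
(1 LTC = 100_000_000, a constructed unit for this model).
"""
from dataclasses import dataclass

LITOSHI = 100_000_000


@dataclass(frozen=True)
class Utxo:
    outpoint: str
    value: int            # real value held by the output, in base units


@dataclass(frozen=True)
class MwebInput:
    outpoint: str         # which UTXO this input claims to spend
    claimed_value: int    # metadata carried by the input itself


@dataclass(frozen=True)
class PegoutTx:
    inputs: tuple         # tuple of MwebInput
    pegout_value: int     # value leaving the extension block


class ValidationError(Exception):
    pass


def connect_block_vulnerable(utxos, tx):
    """Connect path that trusts the input's own metadata.

    It checks that each spent outpoint exists and that the claimed inputs cover
    the pegout, but never compares claimed_value with the stored UTXO value.
    """
    for inp in tx.inputs:
        if inp.outpoint not in utxos:
            raise ValidationError("unknown outpoint")
    total_in = sum(inp.claimed_value for inp in tx.inputs)
    if total_in < tx.pegout_value:
        raise ValidationError("pegout exceeds inputs")
    return tx.pegout_value


def connect_block_fixed(utxos, tx):
    """Connect path that re-derives every input value from the UTXO set."""
    total_in = 0
    for inp in tx.inputs:
        real = utxos.get(inp.outpoint)
        if real is None:
            raise ValidationError("unknown outpoint")
        if inp.claimed_value != real.value:
            raise ValidationError(f"input metadata mismatch on {inp.outpoint}")
        total_in += real.value
    if total_in < tx.pegout_value:
        raise ValidationError("pegout exceeds inputs")
    return tx.pegout_value


def run(connector, utxos, tx):
    """Return a status string instead of raising, for easy comparison."""
    try:
        connector(utxos, tx)
        return "accepted"
    except ValidationError as err:
        return f"rejected: {err}"


def build_scenario():
    """Constructed UTXO set and transactions using the postmortem's figures."""
    real_value = 120_846_930              # 1.2084693 LTC
    inflated = 8_503_447_285_734          # 85,034.47285734 LTC
    utxos = {"mweb:example:0": Utxo("mweb:example:0", real_value)}
    # Input whose metadata overstates the value of the output it spends.
    lying_tx = PegoutTx((MwebInput("mweb:example:0", inflated),), inflated)
    # Honest input: metadata equals the stored UTXO value, pegs out 1 LTC.
    honest_tx = PegoutTx((MwebInput("mweb:example:0", real_value),), LITOSHI)
    return utxos, lying_tx, honest_tx


if __name__ == "__main__":
    utxos, lying_tx, honest_tx = build_scenario()
    for name, connector in (("vulnerable", connect_block_vulnerable),
                            ("fixed", connect_block_fixed)):
        print(name, "lying:", run(connector, utxos, lying_tx))
        print(name, "honest:", run(connector, utxos, honest_tx))
```

The point of the model is that a check which lives only in the mempool and block-building paths protects a node against transactions it relays or mines itself, but not against a block another miner produced; only the connect path stands between such a block and the UTXO set.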

Developers said they coordinated privately with major mining pools to contain the inflated outputs before public disclosure. An emergency release, Litecoin Core 0.21.5, was pushed to miners to block new malformed inputs. A follow-up release, 0.21.5.1, added a historical exception for the already-accepted exploit block and temporarily froze the three transparent outpoints holding the attacker’s funds.

The actor attempted to spend at least one frozen output. Upgraded miners rejected the transaction. Developers then contacted the actor directly. The actor agreed to cooperate and signed a recovery transaction that returned 84,184.47278630 LTC to a developer-controlled address while keeping 850 LTC as an agreed bounty.

Litecoin founder Charlie Lee purchased the 850 LTC needed to make the MWEB balance whole. The full 85,034.47285734 LTC was pegged back into MWEB in a single transaction at block height 3,078,098, and the resulting MWEB output was frozen. No user funds were ultimately lost in the March incident.

According to the postmortem, a second attacker attempted the same exploit path in April, triggering a separate failure. Upgraded nodes rejected the malformed block, but the way mutated MWEB block data was handled caused certain mining RPC commands to hang, including the submitblock call. Upgraded mining nodes stalled while unupgraded miners continued extending the invalid chain.

The invalid chain grew to 13 blocks before upgraded miners coordinated to overtake it. The bad chain was reorged out, but several third-party systems had already processed activity on the invalid chain before the reorg completed.

NEAR Intents confirmed the attacker swapped 11,000 LTC for 7.78814476 BTC before the reorg completed. Those 11,000 LTC were no longer present on the valid chain after the reorg, leaving NEAR Intents with a confirmed loss. Thorchain reported a separate loss after the attacker swapped 10 LTC for 0.00719957 BTC through its bridge before the reorg.

Litecoin Core 0.21.5.4 addressed the mutated-block stall by erasing stored block data for blocks classified as mutated, allowing valid data for the same block hash to be accepted later. The release was built and deployed publicly on April 25.
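The stall and the 0.21.5.4 fix both turn on how a node treats block data it has already stored under a given hash. The following is an added illustration, not Litecoin Core's code: a toy block store keyed by block hash, where the extension-block payload can be altered without changing the hash, and a `submit` method standing in for the submission path. With the old behaviour the retained mutated data causes the later valid copy to be treated as already known, so it is never connected; with the erase behaviour the valid copy is accepted. The `Block` shape, the commitment scheme and all names are assumptions made for the example.

```python
"""Model of 'erase stored data for mutated blocks' versus keeping it.

Added example, not Litecoin Core's implementation. The block hash commits only
to the header; the MWEB payload is checked against a commitment carried in the
header, so a block with a tampered payload has the same hash as the valid one.
"""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Block:
    header: bytes            # what the block hash covers in this model
    mweb_commitment: bytes   # hash of the expected payload, part of the header
    mweb_payload: bytes      # extension-block data that may arrive mutated

    def hash(self) -> str:
        return hashlib.sha256(self.header + self.mweb_commitment).hexdigest()

    def payload_ok(self) -> bool:
        return hashlib.sha256(self.mweb_payload).digest() == self.mweb_commitment


class BlockStore:
    """Stores received block data by hash and tracks validation status."""

    def __init__(self, erase_mutated: bool):
        self.erase_mutated = erase_mutated
        self.data = {}       # block hash -> Block as received
        self.status = {}     # block hash -> "valid" or "mutated"

    def submit(self, block: Block) -> str:
        h = block.hash()
        if h in self.data:
            # Old behaviour: stale mutated data makes the valid copy look
            # redundant, so it is never connected (the stall in the model).
            return "already-have"
        self.data[h] = block             # data is stored on receipt
        if block.payload_ok():
            self.status[h] = "valid"
            return "connected"
        self.status[h] = "mutated"
        if self.erase_mutated:
            del self.data[h]             # forget the bad payload, keep only status
        return "rejected-mutated"

    def has_valid(self, block: Block) -> bool:
        return self.status.get(block.hash()) == "valid"


def build_blocks():
    """Constructed pair: the valid block and a mutated copy with the same hash."""
    header = b"constructed-header:height-1"
    payload = b"constructed-valid-mweb-payload"
    commitment = hashlib.sha256(payload).digest()
    valid = Block(header, commitment, payload)
    mutated = Block(header, commitment, b"constructed-tampered-payload")
    assert valid.hash() == mutated.hash()
    return valid, mutated


def replay(erase_mutated: bool):
    """Mutated copy arrives first, then the valid copy; return both outcomes."""
    valid, mutated = build_blocks()
    store = BlockStore(erase_mutated=erase_mutated)
    first = store.submit(mutated)
    second = store.submit(valid)
    return first, second, store.has_valid(valid)


if __name__ == "__main__":
    print("keep mutated data:", replay(erase_mutated=False))
    print("erase mutated data:", replay(erase_mutated=True))
```

The model returns a status where the real node's RPC hung, but the defender-relevant property is the same: once a mutated copy of a block is cached by hash, the only recovery is to discard that copy, because the valid copy will arrive under the identical hash.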

The postmortem blog post acknowledged several failures in the response, including that MWEB validation relied too heavily on checks that were not applied at block connection, that the recovery required multiple staged miner releases each carrying coordination risk, and that the April mutated-block failure mode had not been tested against mining RPC behavior.

Community sentiment following the postmortem X post was mostly supportive, with about 70% to 80% of replies citing appreciation for the team’s transparency and speed. Several responses noted that the chain itself held firm and that public disclosure built rather than damaged trust.

Users and node operators are advised to upgrade to Litecoin Core v0.21.5.4 or later, verify that their node is syncing normally, and reindex if the node remains stuck after a restart. The postmortem follows Litecoin’s recent post about doing better when it comes to posting on X. “Those in charge of posting from this [X] handle will do better in the future,” the official Litecoin X account wrote after the account was accused of being “childish” earlier in the week.
