Litecoin Suffers Deep Chain Reorganization After MWEB Privacy Layer Zero-Day Exploit

Gate News message, April 26 — Litecoin underwent a deep chain reorganization on Saturday afternoon after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according to the Litecoin Foundation. The bug allowed mining nodes running older software to validate unauthorized MWEB transactions, enabling attackers to peg coins out of the privacy extension and route them to third-party decentralized exchanges.

The chain reorg ran from block 3,095,930 to 3,095,943 and took more than three hours to complete. During this period, attackers performed double-spend attacks against multiple cross-chain swapping protocols that had accepted the now-orphaned MWEB peg-outs. Aurora Labs CEO Alex Shevchenko characterized it as a "coordinated attack" and noted that NEAR Intents faced approximately $600k in exposure. The Foundation confirmed the vulnerability has been fully patched and the offending transactions have been erased from Litecoin's history, while valid transactions during the period remain unaffected.

Saturday's incident marks the first known attack targeting MWEB since Litecoin activated the privacy extension via soft fork in May 2022. LTC traded near $56 on Saturday afternoon, down about 1% on the day and showing no immediate market reaction, though the token is down nearly 25% year-to-date. The incident occurs amid a challenging period for crypto security, with DeFi protocols losing over $750 million to exploits in 2026 through mid-April.