
Litecoin experienced a significant security incident on April 25, 2026. The network performed a 13-block reorganization to undo invalid transactions caused by a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer.
A critical bug in the MWEB privacy extension allowed attackers to create invalid peg-out transactions. These transactions appeared valid to older mining nodes, enabling the creation of unauthorized Litecoin on the main chain.
The exploit also triggered a denial-of-service attack on major mining pools. This led to a three-hour fork between blocks 3,095,930 and 3,095,943. During this window, attackers attempted double-spends against multiple cross-chain swap protocols.
Attackers used the MWEB flaw to peg out coins from the privacy side-chain and route them to decentralized exchanges. Once the network reorganized, these invalid transactions were erased from Litecoin’s canonical chain.
The Litecoin Foundation confirmed the offending blocks were reversed, while all valid transactions from that period remained intact.
Several cross-chain protocols were targeted. Aurora Labs CEO Alex Shevchenko reported that NEAR Intents faced around $600,000 in exposure. Multiple trading venues are now auditing their LTC holdings due to suspected double-spend attempts.
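For venues auditing deposits credited during the fork window, the check comes down to comparing each credited deposit's confirming block against the chain as it stands after the reorganization. The sketch below is an added example, not code from the Litecoin Foundation or any venue named here; the `Deposit` record, the function names and all hashes and transaction ids are constructed for illustration, and only the block range comes from the report above.

```python
from dataclasses import dataclass

# Fork window as reported above; everything else in this example is constructed.
FORK_START, FORK_END = 3_095_930, 3_095_943

@dataclass(frozen=True)
class Deposit:
    txid: str
    height: int       # height at which the deposit was confirmed when credited
    block_hash: str   # hash of the block that confirmed it at that time

def in_fork_window(deposit):
    """True if the deposit was confirmed at a height inside the reported fork."""
    return FORK_START <= deposit.height <= FORK_END

def audit_deposits(deposits, canonical, tx_index):
    """Classify each credited deposit against the post-reorg chain.

    canonical: height -> block hash on the current best chain (from your own node)
    tx_index:  txid -> height at which the tx is confirmed on the current chain
    Returns txid -> 'ok' | 'reconfirmed' | 'reversed'.
    """
    report = {}
    for d in deposits:
        if canonical.get(d.height) == d.block_hash:
            report[d.txid] = "ok"            # confirming block is still canonical
        elif d.txid in tx_index:
            report[d.txid] = "reconfirmed"   # block orphaned, tx mined again
        else:
            report[d.txid] = "reversed"      # credited funds no longer on chain
    return report

# Constructed sample data (hashes shortened to placeholders).
SAMPLE_CANONICAL = {3_095_929: "aa29", 3_095_930: "c930", 3_095_931: "c931"}
SAMPLE_TX_INDEX = {"tx-a": 3_095_929, "tx-b": 3_095_931}
SAMPLE_DEPOSITS = [
    Deposit("tx-a", 3_095_929, "aa29"),  # confirmed before the fork
    Deposit("tx-b", 3_095_930, "f930"),  # orphaned block, tx later re-mined
    Deposit("tx-c", 3_095_931, "f931"),  # orphaned block, tx gone after reorg
]

if __name__ == "__main__":
    result = audit_deposits(SAMPLE_DEPOSITS, SAMPLE_CANONICAL, SAMPLE_TX_INDEX)
    for d in SAMPLE_DEPOSITS:
        flag = "in fork window" if in_fork_window(d) else "outside window"
        print(f"{d.txid}: {result[d.txid]} ({flag})")
```

A deposit marked `reversed` is one where the venue credited or released funds against a transaction that the canonical chain no longer contains, which is the exposure a double-spend attempt during the fork creates.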
This marks the first known exploit targeting MWEB since its activation via soft fork in May 2022.
The Litecoin Foundation stated that the vulnerability has been fully patched. The network successfully reorganized to restore the correct chain state.
No major losses were reported directly on the Litecoin base chain itself, as the invalid MWEB transactions were ultimately removed.
