Here’s How Litecoin (LTC) Contained a Massive MWEB Exploit

Litecoin experienced a significant disruption tied to its MimbleWimble Extension Block (MWEB) privacy layer after a critical validation flaw was discovered and exploited across two separate incidents in March and April 2026, according to a post-mortem shared by developer David Burkett.

The issue originated from a bug in how MWEB inputs were validated during block connection, which allowed a miner to include malformed metadata that did not match the actual unspent transaction output being referenced. This enabled an attacker to construct a block where a relatively small input appeared to justify a much larger withdrawal, known as a pegout, from the MWEB system.

Timeline of MWEB Crisis

Interestingly, a chain scan revealed that the vulnerability had already been exploited in March at block height 3,073,882, where an attacker generated an inflated pegout of over 85,000 LTC. The funds were initially moved to a transparent address and split across three outputs, which were quickly placed under a temporary freeze by miner-enforced consensus rules.

Developers privately worked with major mining pools to prevent further exploitation and released a series of emergency updates to enforce stricter validation rules while preserving network stability. The attacker later cooperated after being contacted and signed a recovery transaction that returned the majority of the funds, while retaining 850 LTC as a negotiated bounty.

That shortfall was covered separately by Litecoin creator Charlie Lee, and the full recovered amount was pegged back into MWEB. The resulting output was permanently frozen to restore internal balance. No confirmed user funds were lost in the March incident, though the response relied heavily on rapid miner coordination and controlled software rollouts.

A second incident in April exposed additional complications when another actor attempted to reuse the same exploit path. Although updated nodes correctly rejected the malformed block, the handling of mutated MWEB block data caused certain upgraded mining nodes to stall or become unable to continue normal operations. This particularly affected block submission processes.

As a result, unupgraded miners continued extending an invalid chain, which grew to 13 blocks before upgraded participants coordinated to restore the valid chain, triggering a deep reorganization. This reorg removed the invalid blocks, but not before some third-party systems processed transactions from the bad chain.

External services were impacted, including swaps conducted through NEAR-related infrastructure and THORChain, where assets exchanged on the invalid chain no longer existed after the reorg. Losses tied to these transactions are still being assessed.

Litecoin Core v0.21.5.4

The root cause of the April issue was linked to how nodes handled mutated MWEB data tied to identical block hashes, which could interfere with later valid block processing. This behavior has since been addressed in Litecoin Core version 0.21.5.4, which ensures that corrupted block data is discarded so that subsequent blocks can be validated properly.
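
The failure class described above can be shown with a simplified model. The sketch below is an added illustration, not Litecoin Core code: the `Block`, `Node`, `ExtDataValid` and `ProcessBlock` names, and the assumption that received blocks are stored keyed by hash, are hypothetical.

```cpp
#include <iostream>
#include <map>
#include <string>

// Simplified model (assumption): the block hash does not cover the raw
// extension payload, so two copies of a block can share a hash while
// carrying different extension data.
struct Block {
    std::string hash;        // constructed sample value
    std::string ext_data;    // extension payload as received from a peer
    std::string ext_commit;  // what a valid payload must match
};

// Stand-in for full extension-block validation.
bool ExtDataValid(const Block& b) { return b.ext_data == b.ext_commit; }

class Node {
public:
    explicit Node(bool discard_corrupt) : discard_corrupt_(discard_corrupt) {}

    // Returns true when the block validates and can be connected.
    bool ProcessBlock(const Block& b) {
        // The first copy seen for a hash is stored; later copies with the
        // same hash are treated as duplicates of the stored one.
        auto it = stored_.emplace(b.hash, b).first;
        if (ExtDataValid(it->second)) return true;
        // Hardened path: drop the corrupt copy so a clean copy of the same
        // block can be stored and validated later.
        if (discard_corrupt_) stored_.erase(it);
        return false;
    }

private:
    bool discard_corrupt_;
    std::map<std::string, Block> stored_;
};

int main() {
    const Block mutated{"hash-A", "tampered", "expected"};  // constructed
    const Block clean{"hash-A", "expected", "expected"};    // constructed
    for (bool discard : {false, true}) {
        Node n(discard);
        n.ProcessBlock(mutated);  // rejected in both modes
        std::cout << "discard=" << discard << " clean block accepted="
                  << n.ProcessBlock(clean) << "\n";
    }
    return 0;
}
```

Without the discard step, the rejected copy stays stored under the shared hash and every later copy of that block fails against it; with the discard step, the clean copy validates.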

Developers also introduced several fixes to strengthen MWEB accounting, enforce correct validation at all stages, and prevent similar denial-of-service or chain-splitting scenarios in the future.

The post Here’s How Litecoin (LTC) Contained a Massive MWEB Exploit appeared first on BitcoinLinux.

Author: NixCoin

Published by
kryptonew
