The Litecoin 13-block reorg and zero-day timeline controversy describes a 13-block chain reorganization that rolled back roughly 32 minutes of Litecoin network activity. Attackers exploited a vulnerability in Litecoin’s Mimblewimble Extension Block (MWEB) to cause a denial-of-service attack against major mining pools and to let invalid MWEB transactions slip through nodes that had not updated. The event led to Litecoin Core v0.21.5.4 with security fixes and related repository activity indicating the consensus issue had been privately patched in a March 19–26 window before the exploit.
A zero-day vulnerability in Litecoin’s Mimblewimble Extension Block (MWEB) was exploited to mount a denial-of-service attack against major mining pools. The exploit allowed invalid MWEB transactions to bypass nodes that had not updated their software. This sequence produced a 13-block chain reorganization that rewound roughly 32 minutes of network activity. A separate denial-of-service vulnerability was patched on the morning of April 25.
The attacker pre-funded a wallet 38 hours before the exploit via a Binance withdrawal, with the destination address configured to swap Litecoin (LTC) into Ethereum (ETH) on a decentralized exchange (DEX). The pre-funding took place prior to the DoS and the inclusion of the invalid transactions on the unpatched chain. The DoS was designed to take patched mining nodes offline so that unpatched nodes would form the chain containing the invalid MWEB transactions. The attack specifically targeted mining pools that had applied patches.
Researchers reported that the Litecoin project GitHub repository shows the consensus vulnerability was privately patched between March 19 and March 26. The commit history indicates the private fix had not been publicly broadcast or required by all mining pools before the exploit. Both fixes were rolled into the public release Litecoin Core v0.21.5.4 on April 25, and that release arrived after the attack had already begun. Litecoin Core v0.21.5.4 contained security updates and users were advised to upgrade.
The network automatically handled the 13-block reorganization once the DoS stopped, suggesting enough hashrate running updated code overtook the attack chain after the unpatched fork had run for about 32 minutes. The Litecoin Foundation stated the bug was fully patched and that the network is operating normally.
The Litecoin 13-block reorg and zero-day timeline controversy involved an attack that leveraged a consensus vulnerability in the MWEB protocol that was privately patched but not publicly broadcast. Attackers used a DoS against partially patched mining pools so unpatched nodes formed a chain with invalid MWEB transactions, causing a 13-block rollback of about 32 minutes. Later releases and foundation statements report the bug was patched.
