According to a report by The Block, the Litecoin Foundation on Saturday 4/25 confirmed that the attacker targeted a zero-day vulnerability in the MimbleWimble Extension Block (MWEB) privacy layer, forcing the main chain to roll back once across 13 blocks over a period of three hours. This is the first major attack incident involving MWEB since it was enabled in 2022.
The MWEB vulnerability lets older nodes pass forged peg-out transactions
The core issue is that miner nodes running older software would treat an invalid MWEB transaction as legitimate. The attacker exploited this to peg out LTC from the privacy layer to the main chain, then route it into decentralized exchanges to swap it into other assets—effectively creating money out of thin air. At the same time, several major mining pools were also implicated and subjected to targeted DoS attacks.
MWEB is Litecoin’s privacy extension layer that was launched via a soft fork in May 2022, with the goal of giving LTC a value-obfuscation feature similar to Monero. For more than three years, the functionality has operated reliably. This is the first time it has been effectively used to attack the main network.
13-block rollback, fork lasting more than 3 hours
The affected fork extended from block 3,095,930 to 3,095,943, for a total of 13 blocks. This three-hour window gave the attacker enough time to carry out double-spends against cross-chain exchange protocols that accepted MWEB peg-outs: when the exchange protocol transferred the assets to the counterparty but then lost the corresponding MWEB settlement during the subsequent rollback, the isolated transactions became effectively invalid.
NEAR Intents exposes about $600k; mining pools hit with DoS as well
Among the affected protocols, NEAR Intents was the one with the highest publicly disclosed amount. Initial reports said it exposed about $600k, and the team stated it would absorb the users’ losses itself. Litecoin later confirmed that all invalid transactions were wiped from the main chain along with the rollback, so the actual settlement losses should be far lower than the initial estimate.
On the mining pool side, the same vulnerability triggered the DoS conditions, forcing pools to pause or fail to produce blocks. This is also key to how the attacker managed to keep the fork going for three hours—without mainstream hash power immediately cutting off the invalid chain, the attack chain had time to accumulate blocks.
A patched version has been released; mining pools and nodes need to upgrade immediately
Within a few hours after the incident, Litecoin’s development team released a patched version, instructing all node and mining pool operators to upgrade immediately to the latest version. The foundation said the network has returned to normal operation and advised exchanges to temporarily pause processing MWEB-related withdrawals and conversions until the upgrade is complete.
For LTC holders, this incident does not affect legitimate transactions on the main chain or existing balances, but it highlights the trade-off between “reducing observability” and “reducing the difficulty of debugging” in the privacy extension layer—when problems arise, it becomes harder for the community to track anomalies from on-chain data in the first place. Litecoin only listed a staking ETF in the United States in October 2025, so institutional investors’ focus on network stability is likely to increase.
This article, Litecoin’s first privacy-layer hack: MWEB zero-day triggers 13-block chain reorganization, first appeared on Lian News ABMedia.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
RAVE Token Surges 110x in Two Weeks, Then Crashes 98% Amid Market Manipulation Allegations
Gate News message, April 27 — RAVE, the native token of RaveDAO (a Web3-based cultural community project), skyrocketed 110x in two weeks before plummeting 98% over two days on April 19-20, prompting comparisons to the infamous 2007 Lubo stock manipulation scandal in South Korea.
On April 18, RAVE r
GateNews18m ago
Research reveals: Polymarket players take home 30% of profits by winning 3% of the positions—more than 70% of players absorb all losses
A new study analyzes Polymarket’s trading records from 2023–2025 and shows that only 3.14% of experienced winners control more than 30% of the profits. Crowd participation alone is not enough to explain overall accuracy; at the same time, it tracks 1,950 highly suspicious insider trading accounts that, while not driving predictions, amplified price volatility. The case shows that large bets were placed and profits were made before the U.S. announced developments regarding Venezuela. The research questions “wisdom of crowds” and emphasizes the need for increasingly strict regulation.
ChainNewsAbmedia1h ago
France: More than 40 crypto investor kidnappings in 2026, involving leaked tax data
According to Market Forces Africa, reported on April 27, incidents of kidnapping and violent attacks targeting cryptocurrency investors in France have increased sharply. On the X platform, Telegram founder Pavel Durov said that since the beginning of 2026, he has recorded 41 cases of cryptocurrency investor kidnappings, averaging one incident every 2.5 days, and that they are linked to a leak of French tax records.
MarketWhisper1h ago
Hubei cybersecurity police received a Second Class Merit Award, solving the province’s first “hundred-million-yuan” virtual-coin theft case in 70 days
According to a report by Hubei Daily on April 27, Guo Tingyu, a police officer from the Cyber Security Brigade of the Qingshan Branch of the Wuhan Municipal Public Security Bureau, was recently awarded the Individual Second-Class Merit. Guo Tingyu graduated from Huazhong University of Science and Technology with a degree in computer science. In 2023, he passed the civil service exam to join the police force. In early 2024, he took charge of the first virtual currency theft case in all of Hubei Province. After nearly 70 days of investigation and case-solving, the amount of involved funds exceeded 100 million yuan, and all five suspects were fully dealt with in accordance with the law.
MarketWhisper1h ago
Litecoin Executes Deep Chain Reorganization to Undo MWEB Privacy Layer Exploit
Gate News message, April 27 — Litecoin underwent a deep chain reorganization on Saturday (April 26) after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, the Litecoin Foundation announced. The reorg spanned blocks 3,095,930 to 3,095,943 and
GateNews2h ago
China Breaks Cryptocurrency Theft Ring Worth Over $140 Million, Arrests 5 Suspects
Gate News message, April 27 — A cybercrime unit in Wuhan, China's Hubei Province, has dismantled a cryptocurrency theft ring involving counterfeit wallet applications, with investigations revealing over 100 million yuan (approximately $14 million) in illicit proceeds. Five suspects have been
GateNews2h ago
