coin-img-ETHETH+0.48%coin-img-BTCBTC-0.62%coin-img-SOLSOL-0.30%coin-img-XRPXRP-0.66%coin-img-UFOUFO-83.60%coin-img-HOGRUNHOGRUN+0.74%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.75%coin-img-ETHETH+0.48%coin-img-BTCBTC-0.62%coin-img-SOLSOL-0.30%coin-img-XRPXRP-0.66%coin-img-UFOUFO-83.60%coin-img-HOGRUNHOGRUN+0.74%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.75%coin-img-ETHETH+0.48%coin-img-BTCBTC-0.62%coin-img-SOLSOL-0.30%coin-img-XRPXRP-0.66%coin-img-UFOUFO-83.60%coin-img-HOGRUNHOGRUN+0.74%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.75%coin-img-ETHETH+0.48%coin-img-BTCBTC-0.62%coin-img-SOLSOL-0.30%coin-img-XRPXRP-0.66%coin-img-UFOUFO-83.60%coin-img-HOGRUNHOGRUN+0.74%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.75%

Litecoin MWEB Bug Minted 85K LTC; Cross-Chain Protocols Absorbed the Losses

A newly released postmortem details how a serious flaw in Litecoin's privacy layer was exploited earlier this year to create more than 85,000 LTC. The Litecoin network ultimately contained the incident with limited direct impact to users, but the fallout landed harder on cross-chain infrastructure that briefly acted on an invalid chain. MWEB validation flaw led to inflated pegout In the report dated 28 April, developers said the vulnerability originated in Litecoin's Mimblewimble Extension Block (MWEB). A validation bug let inconsistent transaction metadata pass checks during block processing, allowing an attacker to craft a malicious block and produce an inflated pegout totaling 85,034 LTC. The team detected the issue in March after scanning the chain and confirming the exploit had already taken place. With the funds not yet widely dispersed, mining pools coordinated to freeze the affected outputs. The attacker later cooperated by signing a recovery transaction that returned most of the funds, less an agreed 850 LTC bounty. The recovered LTC was rebalanced back into MWEB, effectively neutralizing the inflation event. No confirmed user losses were reported from the initial exploit. April chain split and a 13-block invalid branch In April, a second attempt to leverage the same weakness exposed a separate failure mode. While upgraded nodes rejected the malicious block, some mining nodes stalled when processing mutated block data. Unupgraded miners continued building on an invalid chain, which reached 13 blocks before upgraded miners overtook it and the invalid branch was removed. Developers emphasized this was not a rollback of valid Litecoin history, but a reorganization that discarded blocks produced under outdated rules. Even so, the temporary divergence created downstream risk for external systems. Cross-chain platforms processed transactions that later vanished Several cross-chain and swap services, including NEAR Intents and THORChain, processed activity on the invalid branch before the reorg finalized. Assets were exchanged based on transactions that did not ultimately exist on the canonical chain, resulting in measurable losses for those platforms. Fixes deployed, but broader risk remains Litecoin developers have shipped patches addressing both the original validation flaw and the node-handling issue. The network has returned to normal operations, and the MWEB balance has been fully restored. The postmortem also highlights operational and ecosystem risk: the successful response depended on rapid miner coordination and phased emergency updates, and it shows how a vulnerability in one network can cascade into losses across connected DeFi and cross-chain infrastructure. Final Summary Litecoin contained an inflation bug that briefly created about 85K LTC, with most funds recovered via coordinated miner action. Cross-chain protocols absorbed losses after processing invalid-chain transactions ahead of a 13-block reorg, underscoring rising systemic risk at the edges of DeFi infrastructure.
LTC
LTC+0.00%
NEAR
NEAR+0.45%
إخلاء المسؤولية: المحتوى المذكور أعلاه هو رأي الكاتب فقط، ولا يمثل موقف BingX. ولا يجب اعتباره نصيحة استثمارية من BingX. للمزيد من التفاصيل، يُرجى مراجعة الشروط والأحكام.