According to the latest report, major Litecoin mining pools were hit by a Denial-of-Service (DOS) attack this weekend due to a zero-day vulnerability in the network. The Litecoin Foundation confirmed that the bug has been patched and the network is fully operational.
Litecoin Attacker Attempts Double-Spend Exploits On Cross-Chain Protocols
On Saturday, April 25, the Litecoin Foundation reported in a post on the X platform that a Denial-of-Service attack occurred on its network. According to the foundation, this exploit, enabled by a zero-day bug in the network’s MimbleWimble Extension Block (MWEB) privacy layer, allowed the bad actor to attempt double-spends against cross-chain swap protocols.
The foundation explained that the vulnerability allowed non-updated mining nodes to facilitate an invalid MWEB transaction, which enabled individuals to peg out coins to third-party decentralized exchanges. This DOS attack caused a disruption to the normal operations of major mining pools, the post-mortem report read.
The Litecoin Foundation noted that the attack was mitigated through a 13-block reorganization (reorg), which reversed the invalid transactions and prevented them from being added to the blockchain. “All valid transactions during that period remain unaffected,” the foundation further clarified.
It is worth noting that the Litecoin Foundation didn’t identify any affected pools and didn’t specify the value of the invalid MWEB transactions created. Meanwhile, this incident comes at a time when blockchain insecurity has been rife, with the industry still reeling from the recent Kelp DAO attack.
Aurora Labs CEO: Zero-Day Or Inside Job?
Aurora Labs CEO Alex Shevchenko, who caught the Litecoin attack early, suggested that the DOS exploit had the markings of an inside job. According to the crypto founder, the attacker planned to swap LTC into ETH on a recently funded address, suggesting the exploiter knew about the bug from the outset.
Hence, the Aurora Labs CEO thinks prior knowledge defeats the whole idea of a “zero-day buy,” which means a software vulnerability unknown to the creator or the public. Shevchenko explained that the DOS attack involved putting nodes down to decrease the hashrate and was a way to exploit the buy.
Shevchenko wrote on X:
The fact that protocol automatically handled the reorg once DoS stopped (which is great) means that some portion of the hashrate was actually running an updated code. Thus, this bug was known and it’s not a zero-day.
As of this writing, the price of LTC is around $55.92, with no significant change over the past 24 hours. Despite the FUD (fear, uncertainty, and doubt) surrounding news of this DOS attack, the altcoin dropped by about 1.2% on the day.
The price of LTC on the daily timeframe | Source: LTCUSDT chart on TradingView
