•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Litecoin developers said a critical validation flaw in the network’s Mimblewimble Extension Block (MWEB) implementation allowed an attacker to create an inflated pegout of 85,034.47285734 LTC in March 2026. In a coordinated emergency response, developers recovered the funds and neutralized the resulting accounting imbalance.
The incident is detailed in a postmortem published by Litecoin developer David Burkett on April 28. The disclosure also describes a second event in April in which a later exploit attempt triggered a denial-of-service failure mode, disrupted upgraded mining nodes, and led to a 13-block invalid chain being reorged out.
According to the postmortem, the root issue was a missing validation check in Litecoin’s MWEB block connection path. MWEB inputs are expected to reference previous MWEB outputs while carrying metadata used for balance and spend validation. That metadata must match the actual MWEB UTXO being spent.
The postmortem says the check existed in some paths, including normal mempool and block construction, but was not fully enforced during block connection. This gap allowed a malicious block producer to include an MWEB input whose supplied metadata did not match the real UTXO, making a small input appear capable of supporting a much larger pegout.
“The intended rule is simple: when an MWEB input spends a previous output, the metadata supplied by the input must match the actual MWEB UTXO identified by the input’s output ID,” the postmortem states. “That check existed in some paths, including normal mempool and block construction paths. But it was not fully enforced in the block connection path.”
The exploit occurred at block height 3,073,882. The attacker used an MWEB input with an actual value described as unknown, but “not more than 1.2084693 LTC,” while using fake commitment data to generate a pegout of 85,034.47285734 LTC.
Developers said the inflated funds were initially sent to a transparent Litecoin address and later split into three transparent-chain outpoints. Because the exploit required bypassing normal transaction relay and block-building checks, the attacker needed to mine a block or control a miner willing to include malformed MWEB data.
After developers identified the vulnerability and confirmed it had already been exploited, they coordinated privately with major mining pools to prevent further exploit blocks while containing the inflated outputs.
Litecoin Core 0.21.5 and 0.21.5.1 were deployed as emergency miner-focused releases. The latter included a historical exception for the already-accepted exploit block and temporarily rejected spends of the three attacker-controlled transparent outputs.
The postmortem says the attacker later attempted to spend at least one frozen output, but upgraded miners rejected the transaction. Developers then contacted the actor, who agreed to sign a recovery transaction returning the funds except for an 850 LTC bounty.
The postmortem states the recovery transaction paid 84,184.47278630 LTC total to the recovery address, split across two outputs, and 850.00000000 LTC to an address controlled by the actor as the agreed bounty.
Developers also said Charlie purchased 850 LTC to cover the bounty gap. The full 85,034.47285734 LTC was then pegged back into MWEB at block height 3,078,098, and the resulting MWEB output was frozen to restore MWEB’s internal supply balance while preventing the rebalancing output from being spent.
Litecoin developers said no confirmed user funds were ultimately lost in the March incident, but they characterized the response as requiring emergency miner coordination, staged releases, and special-case handling of historical exploit data.
The second incident began on April 25 at block height 3,095,931, when another actor attempted to use the same original exploit path. Upgraded nodes rejected the malformed MWEB data, but the rejection exposed a separate mutated-block handling issue.
The postmortem explains that some serialized MWEB body data could be mutated without changing the canonical Litecoin block hash. When an upgraded node received such a mutated MWEB block over peer-to-peer channels, it could fail while applying the MWEB body, classify the failure as “BLOCK_MUTATED,” and retain the bad serialized data for that block hash. Developers said this could interfere with later valid block processing and mining RPC flows such as submitblock.
“During the April incident, this caused upgraded mining nodes to reject the bad block but also become unable to continue normal mining operations quickly enough,” the postmortem states. “Unupgraded miners, which did not enforce the MWEB fix, continued extending the invalid chain until upgraded miners coordinated and overtook it.”
Developers said the invalid chain ran through block height 3,095,943, producing 13 bad blocks in total before the valid chain overtook it. They emphasized this was not a rollback of valid Litecoin history, but a reorganization of an invalid chain produced by miners that had not upgraded or had not fully enforced the MWEB validation rules.
While the March exploit was recovered internally, the April reorg affected some external infrastructure. The postmortem says NEAR Intents processed a swap of 11,000 LTC for 7.78814476 BTC before those LTC were removed from the valid chain, resulting in what Litecoin described as a “large loss” for NEAR Intents.
THORChain was also affected, with an attacker swapping 10 LTC for 0.00719957 BTC before the reorg invalidated the Litecoin side of the transaction. Other attempted swaps were reportedly prevented in time, but Litecoin said exact third-party transaction IDs and final loss amounts were still being collected.
Litecoin Core 0.21.5.4 was released on April 25 to address the mutated-block denial-of-service failure mode. The update erases stored block data for blocks classified as mutated, allowing valid data for the same block hash to be accepted later.
Users, miners, exchanges and services were urged to upgrade to Litecoin Core 0.21.5.4 or later and verify that nodes are syncing normally.
At press time, LTC traded at $55.95.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
