
Litecoin developers published a postmortem on Tuesday confirming two related security incidents tied to a critical Mimblewimble Extension Block (MWEB) validation bug. The flaw allowed an attacker to fabricate an 85,034 LTC pegout in March 2026 and later trigger a 13-block chain reorganization in April that affected Thorchain and NEAR Intents.
The postmortem identified the root cause as a missing metadata check during block connection. When an MWEB input spends a previous output, the metadata carried by that input must match the actual UTXO being consumed. Developers said the check existed in the mempool and block-building paths, but was not fully enforced at the block connection stage.
Developers said they discovered the vulnerability through internal review on March 19. A chain scan indicated exploitation had already occurred at block 3,073,882.
According to the postmortem, the attacker used a malicious MWEB input whose real value was no more than 1.2084693 LTC to support a pegout of 85,034.47285734 LTC.
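The validation gap described above, as an added example that is not code from Litecoin Core or the postmortem: a simplified model in which amounts are plain integers (an assumption) and every function name and value is hypothetical. It shows the metadata rule enforced in the mempool path but skipped at block connection, and the fix of routing both paths through the same check.

```cpp
// Simplified model for illustration; not Litecoin Core code. Amounts are plain
// integers here (an assumption), and all names and values are constructed.
#include <cstdint>
#include <map>
#include <string>
#include <vector>

struct Utxo  { int64_t amount; };                        // what the chain actually holds
struct Input { std::string output_id; int64_t amount; }; // metadata supplied by the spender
using UtxoSet = std::map<std::string, Utxo>;

// The rule from the postmortem: input metadata must match the UTXO it consumes.
bool input_matches_utxo(const Input& in, const UtxoSet& utxos) {
    auto it = utxos.find(in.output_id);
    return it != utxos.end() && it->second.amount == in.amount;
}

// Balance rule: a pegout may not exceed the value of the inputs that fund it.
bool balances(const std::vector<Input>& ins, int64_t pegout) {
    int64_t total = 0;
    for (const auto& in : ins) total += in.amount;
    return pegout <= total;
}

// Mempool path: metadata check enforced.
bool mempool_accepts(const std::vector<Input>& ins, int64_t pegout, const UtxoSet& u) {
    for (const auto& in : ins) if (!input_matches_utxo(in, u)) return false;
    return balances(ins, pegout);
}

// Block connection, before the fix: only checks that the output exists, then
// balances against the amounts the inputs claim.
bool connect_block_before(const std::vector<Input>& ins, int64_t pegout, const UtxoSet& u) {
    for (const auto& in : ins) if (u.count(in.output_id) == 0) return false;
    return balances(ins, pegout);
}

// Block connection, after the fix: same rule as the mempool, so the paths agree.
bool connect_block_after(const std::vector<Input>& ins, int64_t pegout, const UtxoSet& u) {
    return mempool_accepts(ins, pegout, u);
}

int main() {
    UtxoSet utxos; utxos["out-1"] = Utxo{120};           // constructed UTXO worth 120
    std::vector<Input> mismatched{Input{"out-1", 8500}}; // metadata disagrees with UTXO
    bool gap    = connect_block_before(mismatched, 8500, utxos); // true: paths diverge
    bool closed = !connect_block_after(mismatched, 8500, utxos); // true: rejected
    return (gap && closed) ? 0 : 1;
}
```

A regression test that feeds the same mismatched input to every acceptance path and requires identical verdicts would catch this class of divergence before release.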
Developers coordinated privately with major mining pools to contain the inflated outputs before public disclosure. An emergency release, Litecoin Core 0.21.5, was pushed to miners to block new malformed inputs. A follow-up release, 0.21.5.1, added a historical exception for the already-accepted exploit block and temporarily froze the three transparent outpoints holding the attacker’s funds.
The actor attempted to spend at least one frozen output, but upgraded miners rejected the transaction. Developers then contacted the actor directly. The actor agreed to cooperate and signed a recovery transaction returning 84,184.47278630 LTC to a developer-controlled address while keeping 850 LTC as an agreed bounty.
Litecoin founder Charlie Lee purchased the 850 LTC needed to make the MWEB balance whole. The full 85,034.47285734 LTC was pegged back into MWEB in a single transaction at block height 3,078,098, and the resulting MWEB output was frozen. Developers said no user funds were ultimately lost in the March incident.
The postmortem said a second attacker attempted the same exploit path in April, triggering a separate failure. Upgraded nodes rejected the malformed block, but the way they handled mutated MWEB block data caused certain mining RPC commands, including the submitblock call, to hang. As a result, upgraded mining nodes stalled while unupgraded miners continued extending the invalid chain.
The invalid chain grew to 13 blocks before upgraded miners coordinated to overtake it. The bad chain was reorged out, but several third-party systems had already processed activity on the invalid chain before the reorganization completed.
NEAR Intents confirmed the attacker swapped 11,000 LTC for 7.78814476 BTC before the reorganization completed. Those 11,000 LTC were no longer present on the valid chain after the reorg, leaving NEAR Intents with a confirmed loss.
Thorchain reported a separate loss after the attacker swapped 10 LTC for 0.00719957 BTC through its bridge before the reorganization.
Litecoin Core v0.21.5.4 addressed the mutated-block stall by erasing stored block data for blocks classified as mutated, allowing valid data for the same block hash to be accepted later. The release was built and deployed publicly on April 25.
The postmortem blog acknowledged multiple response failures: MWEB validation relied too heavily on checks not applied at block connection; recovery required multiple staged miner releases, each carrying coordination risk; and the April mutated-block failure mode had not been tested against mining RPC behavior.
Community sentiment following the postmortem X post was largely supportive, with roughly 70% to 80% of replies citing appreciation for the team’s transparency and speed. Several responses said the chain held firm and that public disclosure built rather than damaged trust.
Users and node operators were advised to upgrade to Litecoin Core v0.21.5.4 or later, verify that their node is syncing normally, and reindex if the node remains stuck after a restart.