coin-img-ETHETH-0.03%coin-img-BTCBTC-0.71%coin-img-SOLSOL-0.78%coin-img-XRPXRP-0.80%coin-img-UFOUFO-86.43%coin-img-HOGRUNHOGRUN-6.97%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.82%coin-img-ETHETH-0.03%coin-img-BTCBTC-0.71%coin-img-SOLSOL-0.78%coin-img-XRPXRP-0.80%coin-img-UFOUFO-86.43%coin-img-HOGRUNHOGRUN-6.97%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.82%coin-img-ETHETH-0.03%coin-img-BTCBTC-0.71%coin-img-SOLSOL-0.78%coin-img-XRPXRP-0.80%coin-img-UFOUFO-86.43%coin-img-HOGRUNHOGRUN-6.97%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.82%coin-img-ETHETH-0.03%coin-img-BTCBTC-0.71%coin-img-SOLSOL-0.78%coin-img-XRPXRP-0.80%coin-img-UFOUFO-86.43%coin-img-HOGRUNHOGRUN-6.97%coin-img-USDCUSDC+0.00%coin-img-XAUTXAUT-1.82%

Litecoin Fixes MWEB Validation Flaw Behind 85,000+ LTC Inflation Incident

Litecoin developers disclosed a critical validation bug in the network's MimbleWimble Extension Block (MWEB) implementation that briefly enabled inflation of more than 85,000 LTC. The issue was contained through mining-pool coordination and subsequent fund recovery. A later exploitation attempt led to a short-lived 13-block invalid chain, but upgraded nodes rejected it and consensus was restored without lasting impact to Litecoin users. According to a newly published postmortem, the vulnerability stemmed from inconsistencies that could be introduced between MWEB input metadata and the underlying UTXOs during block validation, creating a narrow but high-impact attack surface. Litecoin developers said that in March 2026 they discovered MWEB inputs were not being fully revalidated when blocks were connected to the chain. In practice, this allowed a malicious miner to include incorrect metadata so that a small input appeared much larger, enabling a pegout of 85,034 LTC. Because the exploit required the attacker to produce blocks directly, the blast radius was limited. After the flaw was identified, major mining pools coordinated to freeze the affected outputs and block further abuse. The attacker later cooperated and returned most of the funds in exchange for an agreed 850 LTC bounty. Charlie Lee covered that amount, allowing the full balance to be made whole. The recovered LTC was repegged into MWEB and locked, preserving internal accounting consistency. Litecoin said there were no confirmed user losses. In April, a second attempt to use the same pathway was rejected by upgraded nodes, but it revealed an additional edge case involving mutated block data. Some upgraded miners temporarily could not proceed normally, while non-upgraded participants extended an invalid chain by 13 blocks. Updated miners coordinated to extend the valid chain until it overtook the invalid one, triggering a reorganization that removed the malicious blocks. Litecoin noted that some external protocols processed transactions on the invalid chain before the correction, resulting in isolated losses in cross-chain settings. Litecoin Core 0.21.5.4 was released to address the edge case, ensuring corrupted block data cannot disrupt future valid submissions and improving overall node reliability. The episode underscores how decentralized networks can respond to critical failures under pressure. Litecoin developers said privacy-focused upgrades like MWEB add validation complexity, but rapid fixes, transparency, and miner coordination helped protect long-term network integrity.
المختارة
LTC
LTC+0.14%
إخلاء المسؤولية: المحتوى المذكور أعلاه هو رأي الكاتب فقط، ولا يمثل موقف BingX. ولا يجب اعتباره نصيحة استثمارية من BingX. للمزيد من التفاصيل، يُرجى مراجعة الشروط والأحكام.