Overview
- The network rewrote 13 blocks after a Saturday exploit in MimbleWimble Extension Block, a privacy add‑on that lets users move coins out of a shielded pool using peg‑outs.
- Attackers pushed invalid peg‑outs while a denial‑of‑service hit updated mining pools, letting unpatched nodes carry a fork that ran for more than three hours across blocks 3,095,930 to 3,095,943.
- The Litecoin Foundation says the vulnerability is patched and normal operations have resumed, while venues reported losses with NEAR Intents’ exposure estimated at about $600,000.
- Researchers and the GitHub commit history indicate the consensus fix was privately applied between March 19 and March 26 with a separate DoS patch on April 25, challenging the “zero‑day” label and raising coordination concerns.
- Blockchain traces show the attacker funded a wallet about 38 hours earlier via a Binance withdrawal with a preset LTC‑to‑ETH swap path, a sign of planning that now has platforms auditing transactions and balances.