TLDR
- Litecoin suffered a zero-day vulnerability that caused a 13-block chain reorganization on Saturday
- Attackers exploited the MimbleWimble Extension Block (MWEB) privacy layer to push invalid transactions
- Mining pools running updated software were hit by a denial-of-service attack, temporarily suppressing their hashing power
- A Binance-funded address suggests the attack was pre-planned, with some developers doubting it was a true zero-day
- The bug has been fully patched; valid transactions were not affected, but some trading venues reported losses including around $600,000 on NEAR Intents
Litecoin was hit by a major exploit on Saturday after attackers used a zero-day vulnerability in its MimbleWimble Extension Block privacy layer to trigger the first known attack on that system since it launched in 2022.
Litecoin update:
• A zero-day bug caused a DoS attack that disrupted major mining pools.
• Non-updated mining nodes allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX’s
• A 13-block reorg reversed those invalid transactions — they will not…— Litecoin (@litecoin) April 25, 2026
The bug allowed older mining nodes to validate an invalid transaction, letting attackers peg coins out of the privacy layer and route them to decentralized exchanges and cross-chain swap protocols.
At the same time, mining pools running newer, updated software were hit by a denial-of-service attack. This temporarily knocked out their hashing power and gave older nodes control of the network.
Once the denial-of-service attack stopped, the updated nodes regained control and executed a 13-block reorganization of the chain. This reversed the invalid transactions, wiping more than three hours of altered history from Litecoin’s record.
The Litecoin Foundation confirmed that all valid transactions made during that period remain on the main chain. The vulnerability has now been fully patched, the team said.
The fork ran from block 3,095,930 to 3,095,943 and lasted more than three hours. During that window, attackers carried out double-spend attacks against multiple cross-chain swap protocols that had accepted the now-invalid peg-outs.
Aurora Labs CEO Alex Shevchenko described it as a “coordinated attack.” He also flagged that a Binance address funded the attacker earlier in the week, suggesting pre-planning.
Developers Question “Zero-Day” Label
Shevchenko argued the bug may not have been a true zero-day. He noted that because the network automatically handled the reorg once the denial-of-service stopped, part of the hash rate must have already been running updated code.
“This bug was known, and it’s not a zero-day,” Shevchenko wrote on X.
Blockchain developer Vadim added that the timing and targeting pointed to a deliberate operation, not a random exploit.
Losses Reported Across Trading Venues
Shevchenko estimated NEAR Intents lost around $600,000 in the incident. He urged all trading venues handling Litecoin to audit their transactions and holdings.
The Litecoin Foundation did not name which mining pools were affected or disclose how much Litecoin the invalid transactions created.
Litecoin was trading near $56.00 around 4:30 p.m. ET on Saturday, down about 1% on the day, with no sharp market reaction to the news. The token is down nearly 25% year-to-date.
The attack is part of a broader pattern of crypto security incidents in 2026. DeFi protocols have lost over $750 million to exploits through mid-April, including the $292 million Kelp DAO bridge drain on April 19 and a $285 million attack on Solana-based perpetuals platform Drift on April 1.
Cross-chain infrastructure was the common attack surface in most of those incidents, including Saturday’s Litecoin breach.
