Litecoin Blockchain Hit by Denial-of-Service and Double-Spending Attack

Litecoin, a popular cryptocurrency, faced a major security breach over the weekend when its blockchain was targeted by a denial-of-service (DoS) and double-spending attack.

The attack exploited a consensus bug in Litecoin's Mimblewimble-based confidential transaction extension (MWEB), allowing an attacker to mint invalid coins and rapidly trade them for other digital assets on crypto exchanges. The attacker bridged the proceeds through THORChain and NEAR Intents to swap for ether, demonstrating the vulnerability of Litecoin's infrastructure.

The attack resulted in a 32-minute downtime, with miners eventually rolling back transactions and creating a new fork. Interestingly, due to the slow mining times during the attack, it took nearly three hours for the network to produce the 13 replacement blocks that would have normally consisted of just 32 minutes worth of transactions.

The incident is significant as it reveals vulnerabilities in Litecoin's infrastructure despite previous boasts of '100% uptime'. The underlying consensus fix had sat in a private GitHub branch for about 30 days, and several major mining pools apparently never installed the public release in time. This has raised questions about asymmetric disclosure windows and the effectiveness of security measures in place.