Litecoin says its 13-block reorg was not a ‘zero-day, but GitHub commit history shows otherwise

Litecoin's foundation called the weekend exploit a zero-day. The litecoin-project GitHub repository shows the consensus vulnerability was privately patched between March 19 and 26, more than four weeks before the attack.

Melinda 2 hours ago 5 minutes read

Coinbase Pioneers On-Chain Tokenization with Bitcoin Yield Fund

Markets

Share this article

Litecoin says its 13-block reorg was not a ‘zero-day, but GitHub commit history shows otherwise

Litecoin’s foundation called the weekend exploit a zero-day. The litecoin-project GitHub repository shows the consensus vulnerability was privately patched between March 19 and 26, more than four weeks before the attack.

By Shaurya Malwa

Apr 26, 2026, 8:34 a.m.

Make preferred on

Physical representation of Litecoin tokens.

What to know:

Attackers exploited a previously patched but not fully deployed vulnerability in Litecoin’s Mimblewimble Extension Block protocol, triggering a 13-block chain reorganization that rewound about 32 minutes of activity.
Public GitHub commits show the core consensus bug was privately fixed weeks before the exploit, creating a window in which some mining pools ran updated code while others remained vulnerable, a gap researchers say the attackers appeared to target.
The Litecoin network ultimately reorganized back to the valid chain once denial-of-service attacks on patched miners ceased, but the foundation has not yet explained the patch timeline or disclosed how much LTC was affected during the invalid block window.

Litecoin Core v0.21.5.4 released! All users are advised to upgrade. This release contains important security updates. https://t.co/6vtrhdXi4c

— Litecoin (@litecoin) April 25, 2026

The Foundation said in Asian morning hours on Sunday the bug was fully patched and the network is operating normally.

However, prominent researchers say the litecoin-project GitHub repository tells a different story. Security researcher bbsz, who works with the SEAL911 emergency response group for crypto exploits, posted the patch timeline pulled from the public commit log.

Now that stuff has been made public on the Litecoin GitHub, we have a better sense of timeline and what happened.

In the age of Mythos, this timeline simply doesn’t fly.

The post-mortem says one zero-day caused a DoS that let an invalid MWEB tx slip through. The git log on… https://t.co/zMMrheQLPP pic.twitter.com/O3DtdwV0rF

— bbsz (@blackbigswan) April 26, 2026

The consensus vulnerability that allowed the invalid MWEB peg-out was privately patched between March 19 and March 26, roughly four weeks before the attack. A separate denial-of-service vulnerability was patched on the morning of April 25.

Both fixes were rolled into release 0.21.5.4 the same afternoon, after the attack had already begun.

“The post-mortem says one zero-day caused a DoS that let an invalid MWEB transaction slip through,” bbsz wrote. “The git log tells a slightly different story.”

A zero-day refers to a vulnerability unknown to defenders at the time of an attack.

Litecoin’s commit history shows the consensus vulnerability was known and patched privately a month before the exploit, but the fix had not been broadcast publicly or required to all mining pools.

That created a window where some miners ran the patched code while others ran the still-vulnerable version, and the attackers appear to have known which was which.

Alex Shevchenko, CTO of NEAR Foundation’s Aurora project, raised parallel concerns in a thread.

Blockchain data showed the attacker pre-funded a wallet 38 hours before the exploit through a Binance withdrawal, with the destination address already configured to swap LTC into ETH on a decentralized exchange.

The denial-of-service attack and the MWEB bug were separate components, Shevchenko argued, with the DoS designed to take patched mining nodes offline so the unpatched ones would form the chain that included the invalid transactions.

The fact that the network automatically handled the 13-block reorganization once the DoS stopped suggests enough hashrate was running updated code to eventually overpower the attack, but only after the unpatched fork had run for 32 minutes.

A hit on Litecoin shows how attacks on various networks differ in how code maintainers and developers react to exploits. Newer chains with smaller, more centralized validator sets coordinate upgrades through chat groups and can push patches network-wide in hours.

Older proof-of-work networks like Litecoin and bitcoin rely on independent mining pools choosing when to upgrade, which works for non-urgent changes but creates a window of vulnerability when a security patch needs to reach everyone before an attacker exploits the gap.

The Litecoin Foundation has not publicly addressed the GitHub timeline as of Sunday morning.

The amount of LTC pegged out during the invalid block window and the value of any swaps completed before the reorganization reversed them have not been disclosed.

More For You

BlackRock’s bitcoin ETF just hit a massive milestone that proves crypto is now a mainstream bet

By Omkar Godbole|Edited by Aoyon Ashraf

14 hours ago

IBIT options open interest topped Deribit on Friday, signaling rapid institutional adoption of regulated crypto derivatives in the U.S.

What to know:

IBIT options open interest topped Deribit on Friday, signaling rapid institutional adoption of regulated crypto derivatives in the U.S.
Positioning differs across markets: IBIT flows appear slightly more bullish than Deribit’s BTC options.
Despite similar scale, IBIT and Deribit cater to different investor bases.

Read full story

Latest Crypto News

Crypto is built for AI agents, not humans, says Alchemy’s CEO

13 hours ago

U.S. President Donald Trump speaking at Mar-a-Lago.

Trump defends crypto legislation at private event featuring boxer Mike Tyson, Tether CEO

13 hours ago

BlackRock’s bitcoin ETF just hit a massive milestone that proves crypto is now a mainstream bet

14 hours ago

CEO and co-founder of Anthropic Dario Amodei (Getty Images)

How Anthropic’s Mythos model is forcing the crypto industry to rethink everything about security

15 hours ago

Bitcoin falls after Trump reportedly canceled Steve Witkoff and Jared Kushner’s Iran-talks trip

16 hours ago

Donald Trump points at the audience during a press conference at the White House.

Mike Tyson, Tether CEO, Cathie Wood among speakers at Trump’s ‘most exclusive’ crypto conference

17 hours ago

Clock is ticking for bitcoin to prevent quantum threat as it could drain 6.9 million BTC including Satoshi’s

22 hours ago

Jesse Pollak (courtesy Winni Wintermeyer/Coinbase)

Coinbase’s Jesse Pollak says AI agents are the next big wave for crypto payments

19 hours ago

U.S. Commodity Futures Trading Commission Chairman Mike Selig (Jesse Hamilton/CoinDesk)

U.S. CFTC adds New York to string of states its suing to stop prediction market pushback

Apr 24, 2026

MicroStrategy Executive Chairman Michael Saylor (CoinDesk)

Michael Saylor says the bitcoin winter is over. Some experts agree, with caveats.

Apr 24, 2026

Bitcoin at $40,000 would be ‘near-unprecedented’ statistical outcome, analyst says

17 hours ago

SpaceX’s $75 billion IPO could drain the liquidity that’s helping lift bitcoin and crypto

Apr 24, 2026

Melinda

Author

View All Posts

Litecoin says its 13-block reorg was not a ‘zero-day, but GitHub commit history shows otherwise

Litecoin’s foundation called the weekend exploit a zero-day. The litecoin-project GitHub repository shows the consensus vulnerability was privately patched between March 19 and 26, more than four weeks before the attack.

What to know:

BlackRock’s bitcoin ETF just hit a massive milestone that proves crypto is now a mainstream bet

Crypto is built for AI agents, not humans, says Alchemy’s CEO

Trump defends crypto legislation at private event featuring boxer Mike Tyson, Tether CEO

BlackRock’s bitcoin ETF just hit a massive milestone that proves crypto is now a mainstream bet

How Anthropic’s Mythos model is forcing the crypto industry to rethink everything about security

Bitcoin falls after Trump reportedly canceled Steve Witkoff and Jared Kushner’s Iran-talks trip

Mike Tyson, Tether CEO, Cathie Wood among speakers at Trump’s ‘most exclusive’ crypto conference

Clock is ticking for bitcoin to prevent quantum threat as it could drain 6.9 million BTC including Satoshi’s

Coinbase’s Jesse Pollak says AI agents are the next big wave for crypto payments

U.S. CFTC adds New York to string of states its suing to stop prediction market pushback

Michael Saylor says the bitcoin winter is over. Some experts agree, with caveats.

Bitcoin at $40,000 would be ‘near-unprecedented’ statistical outcome, analyst says

SpaceX’s $75 billion IPO could drain the liquidity that’s helping lift bitcoin and crypto

In this article

About the Author

Melinda

Leave a Reply Cancel reply

Related Stories

Litecoin Confirms Zero-Day Bug Caused 13-Block Reorg, Network Patched and Stable

Crypto is built for AI agents, not humans, says Alchemy’s CEO

Trump defends crypto legislation at private event featuring boxer Mike Tyson, Tether CEO

You May Have Missed

Trump’s official memecoin extends slide as he hosts exclusive investor gala

Latam Insights: Brazil Bans Predictions Markets, Report Highlights Region’s Mining Potential

Litecoin says its 13-block reorg was not a ‘zero-day, but GitHub commit history shows otherwise

Central Bank of Brazil: Stablecoins Dominate Over $6.9 Billion Crypto Purchases Registered in Q1