Nikolas Sargeant
TL;DR
-
Litecoin was hit by a coordinated exploit targeting its MWEB privacy layer, triggering a temporary chain reorg and enabling double-spend attacks via fraudulent peg-outs.
-
The vulnerability has been patched, but some platforms reported losses.
Litecoin Reports a Denial-of-Service Attack Against Major Mining Pools.
Litecoin suffered a significant chain reorganization on Saturday after attackers exploited a zero-day vulnerability tied to its MimbleWimble Extension Block (MWEB) privacy layer, according to a statement from the Litecoin Foundation.
While announcing it via X on Saturday, the Litecoin Foundation said the flaw allowed mining nodes running outdated software to validate a malicious MWEB transaction.
Litecoin update:
— Litecoin (@litecoin) April 25, 2026
• A zero-day bug caused a DoS attack that disrupted major mining pools.
• Non-updated mining nodes allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX’s
• A 13-block reorg reversed those invalid transactions — they will not…
This enabled attackers to generate unauthorized peg-out transactions—effectively moving coins out of the privacy layer—and route them to third-party decentralized exchanges. The exploit was compounded by a denial-of-service attack that disrupted major mining pools.
Aurora Labs CEO Alex Shevchenko described the incident as a “coordinated attack,” noting that the fork spanned blocks 3,095,930 to 3,095,943 and took more than three hours to resolve.
During that window, attackers executed double-spend attacks against several cross-chain swapping protocols that had accepted the now-invalid MWEB peg-out transactions.
According to the Litecoin Foundation, all malicious transactions were ultimately removed from the blockchain following the reorg, while legitimate transactions during the affected period remain intact. The vulnerability has since been patched, though some trading platforms have reported financial losses.
Shevchenko estimated exposure for NEAR Intents at around $600,000 and urged trading venues handling LTC to audit their transactions and balances, citing multiple observed double-spend attempts.
This latest development is the first known exploit targeting MWEB since Litecoin activated the privacy feature via a soft fork in May 2022.
The system allows users to transfer LTC between the transparent base layer and a confidential extension block using peg-in and peg-out mechanisms designed to preserve coin balance across both layers.
The vulnerability effectively allowed attackers to mint LTC on the main chain via fraudulent peg-outs—at least temporarily—until honest nodes rejected the invalid blocks and triggered the reorganization.
LTC, the native coin of the Litecoin ecosystem, is down 1% in the last 24 hours and is now trading at $55.52. Popularly regarded as Bitcoin’s sister, Litecoin has lost its place among the leading cryptocurrencies as it is currently down 25% year-to-date.
The hack adds to a growing list of crypto security breaches in 2026, with decentralized finance protocols losing more than $750 million to exploits by mid-April.
Recent major incidents include the $292 million Kelp DAO bridge hack and a $285 million attack on Solana-based derivatives platform Drift—both highlighting persistent vulnerabilities in cross-chain infrastructure.
