The Litecoin incident that ran from Friday into Saturday was much more interesting than the Foundation made it seem. A reorganization of 13 blocks reversed about 32 minutes of activity on the network when attackers exploited a flaw in the Mimblewimble Extension Block protocol. The LTC price is around $58.65 right now, but what really caught attention was how the official story doesn’t match what’s publicly available on GitHub.



The Litecoin Foundation claimed it was a zero-day attack, you know how it is. But then researcher bbsz, who works with exploit security in crypto, started digging through the commit history and found something quite strange. Was the critical consensus bug that allowed the invalid MWEB transaction to pass fixed weeks before the attack? Actually, it was. It was fixed privately between March 19 and 26, almost a month before everything blew up.

In other words, the zero-day wasn’t really a zero-day. Someone knew about the vulnerability and fixed it privately, but the fix didn’t go out to all mining pools at the same time. This created a very convenient window where some miners were running updated code while others were still vulnerable. And the attackers seem to have known exactly which was which.

Alex Shevchenko, CTO of NEAR Foundation’s Aurora, also raised a very valid point. The denial-of-service attack and the MWEB bug were separate issues. The DoS was specifically designed to take down the mining nodes that had already been updated, forcing the un-updated ones to form the chain with invalid transactions. Clever, isn’t it? Data shows that the attacker even pre-funded a wallet 38 hours earlier, making a withdrawal from a major decentralized exchange, with the address already set up to swap LTC for ETH.

What’s most intriguing is that the network self-corrected as soon as the DoS stopped, suggesting there was enough hash power running updated code. But it took 32 minutes for that to happen. The Foundation still hasn’t fully explained the timeline of the fix or how many LTC were affected during that window of invalid blocks.
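
A node operator can measure an event like this from header data alone. The following is an added example, not code from the original post or from Litecoin: it walks an old and a new chain tip back to their common ancestor to get the reorg depth. The headers, hash strings and the alert threshold of 6 blocks are constructed assumptions; the 150-second spacing is Litecoin's target block interval.

```python
# Added example: reorg-depth check over constructed header data.
from dataclasses import dataclass

TARGET_SPACING_S = 150  # Litecoin target block interval (2.5 minutes)

@dataclass(frozen=True)
class Header:
    hash: str
    prev: str
    height: int

def reorg_depth(headers, old_tip, new_tip):
    """Walk both tips back to their common ancestor.
    Returns (dropped, added): blocks removed from the old branch and
    blocks connected on the new one. Raises KeyError if a parent header
    was never stored, i.e. the tips cannot be linked from local data."""
    a, b = headers[old_tip], headers[new_tip]
    dropped = added = 0
    while a.hash != b.hash:
        step_a, step_b = a.height >= b.height, b.height >= a.height
        if step_a:              # old branch is at least as high: step it back
            a = headers[a.prev]
            dropped += 1
        if step_b:              # new branch is at least as high: step it back
            b = headers[b.prev]
            added += 1
    return dropped, added

def check_tip_change(headers, old_tip, new_tip, threshold=6):
    """Return an alert dict when `threshold` or more blocks were dropped
    (threshold is an assumed operator setting), otherwise None."""
    dropped, added = reorg_depth(headers, old_tip, new_tip)
    if dropped < threshold:
        return None
    return {"dropped": dropped, "added": added,
            "approx_minutes": dropped * TARGET_SPACING_S / 60}

def extend(headers, prev, start_height, count, tag):
    """Append `count` constructed headers after `prev`; return the new tip hash."""
    for h in range(start_height, start_height + count):
        headers[f"{tag}{h}"] = Header(f"{tag}{h}", prev, h)
        prev = f"{tag}{h}"
    return prev

def sample():
    """Constructed chain: shared heights 1..100, then a 13-block branch
    'x' that is replaced by a 14-block branch 'y'."""
    headers = {}
    fork_point = extend(headers, "", 1, 100, "m")
    old_tip = extend(headers, fork_point, 101, 13, "x")
    new_tip = extend(headers, fork_point, 101, 14, "y")
    return headers, old_tip, new_tip
```

At the target spacing, 13 dropped blocks correspond to roughly 32.5 minutes of chain history, in line with the 32 minutes reported above.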

This really highlights the difference in how different networks handle exploits. Newer chains with centralized validators can coordinate updates within hours. But Litecoin and Bitcoin, being older proof-of-work networks, rely on independent pools to decide when to upgrade. It works well for normal changes, but creates a vulnerability when a security fix needs to reach everyone before an attacker exploits it. It’s an interesting trade-off that the community is still processing.