A zero-day bug hit Litecoin’s network on April 25, 2026. It disrupted major mining pools, opened a path for double-spend attempts on cross-chain swap protocols, and forced a 13-block chain reorganization that took more than three hours to complete.
The Litecoin MWEB zero-day attack exploited a gap in node update compliance. Non-updated mining nodes processed an invalid MimbleWimble Extension Block transaction, which allowed coins to be pegged out to third-party decentralized exchanges. That single unpatched entry point is what gave attackers their opening — not a brute-force takeover of the network’s hashrate.
Unpatched Nodes Were the Door
Alex Shevchenko, CEO of Aurora Labs, was among the first to flag the incident publicly. Writing on X, Shevchenko noted that Litecoin had experienced a coordinated chain attack resulting in a 13-block reorg.
“@litecoin experienced a coordinated attack on the chain that resulted in 13 blocks reorg that took more than 3h to generate. During this time attackers were performing double spend attacks on multiple cross-chain swapping protocols. We are investigating the situation.”
Thirteen blocks at Litecoin’s 2.5-minute block time should take roughly 32 minutes. The fact that those blocks took over three hours to produce pointed to something abnormal. Not additional hashpower. A bug-driven chain running in parallel.
The official Litecoin account on X later confirmed the sequence of events, stating:
“A zero-day bug caused a DoS attack that disrupted major mining pools. Non-updated mining nodes allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX’s. A 13-block reorg reversed those invalid transactions — they will not be included in the main chain.”
DEXs Caught in the Crossfire
Cross-chain swap protocols with LTC exposure paused activity as the situation developed. NEAR Intents reported roughly $600,000 in potential exposure during the incident, with the team saying it would cover any user losses directly. No follow-up statement from NEAR Intents had been issued as of publication.
The reorg’s function here matters. Litecoin’s team confirmed that the 13-block reorganization was the network correcting itself — rolling back those invalid transactions before they could settle permanently. All valid transactions processed during that window remain unaffected, per the official statement. That distinction changes the loss picture. If the reorg wiped the fraudulent transactions clean, settled losses from the NEAR Intents exposure figure could land well below the initial $600K flag.
Other protocols that paused LTC deposits and withdrawals in response are expected to reassess their exposure in light of the Litecoin team’s clarification.
The Bug Is Patched
Litecoin’s team confirmed the vulnerability has been fully resolved. The network was operating normally as of the statement issued at 4:22 p.m. ET on April 25, 2026.
The attack path itself was narrow but clear. Nodes that had not applied the relevant software update processed a transaction they should have rejected. That processing error gave the MWEB exploit its window. Once updated nodes reasserted control and the reorg cleared the invalid chain, the main chain returned to normal operation. The patched bug closes that window.
Zcash founder Zooko Wilcox addressed the broader pattern in a post on Saturday, writing that such rollback-and-double-spend attacks are not isolated to Litecoin and have been carried out against other proof-of-work chains including Monero and Grin in recent years. Wilcox’s note puts the incident inside a longer-running vulnerability pattern for PoW networks where node update adoption is uneven.
For DEX operators and cross-chain swap protocols that settle in LTC, the incident is a direct signal. Exposure to unpatched node behavior on counterpart chains is a real settlement risk, not a theoretical one. The Litecoin network resolved this internally. Not every protocol in its path had that same backstop.
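The timing argument and the settlement-risk point above can be turned into a check a swap operator runs before crediting LTC deposits. The Python below is an added example, not code from Litecoin or any protocol named in this article; the Header type, the policy thresholds, and the sample chains with their timings are constructed assumptions.

```python
from dataclasses import dataclass

TARGET_SPACING = 150  # Litecoin's 2.5-minute block time, in seconds

@dataclass(frozen=True)
class Header:
    height: int
    hash: str
    prev: str
    time: int  # block timestamp, unix seconds (miner-reported)

def reorg_depth(old_chain, new_chain):
    """Count blocks at the tip of old_chain that are absent from new_chain."""
    kept = {h.hash for h in new_chain}
    depth = 0
    for header in reversed(old_chain):
        if header.hash in kept:
            break
        depth += 1
    return depth

def slowdown(chain, n):
    """Actual / expected production time for the last n blocks of chain."""
    span = chain[-1].time - chain[-1 - n].time
    return span / (n * TARGET_SPACING)

def settlement_action(old_chain, new_chain, confirmations=6, max_slowdown=3.0):
    """Hypothetical policy: pause LTC settlement on a deep reorg or a slow tip."""
    depth = reorg_depth(old_chain, new_chain)
    if depth >= confirmations:
        return f"pause: {depth}-block reorg >= {confirmations} confirmations"
    if len(new_chain) > confirmations and slowdown(new_chain, confirmations) > max_slowdown:
        return "pause: tip produced far slower than target spacing"
    return "settle"

def build(prefix, tag, count, spacing):
    """Constructed sample data: extend prefix with `count` blocks on branch `tag`."""
    chain = list(prefix)
    for _ in range(count):
        tip = chain[-1]
        chain.append(Header(tip.height + 1, f"{tag}{tip.height + 1}", tip.hash,
                            tip.time + spacing))
    return chain

# Constructed sample: shared history, then a 13-block branch replaced by a longer one.
GENESIS = [Header(0, "g0", "", 0)]
COMMON = build(GENESIS, "c", 10, TARGET_SPACING)
INVALID_BRANCH = build(COMMON, "x", 13, 840)  # 13 * 840 s = 3 h 2 min
VALID_BRANCH = build(COMMON, "v", 14, 800)
print(settlement_action(INVALID_BRANCH, VALID_BRANCH))
```

With six confirmations as the settlement threshold, a 13-block reorg reaches deposits that would already have been credited, which is why the slow-tip check matters as an earlier signal.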












