"On April 25, the Litecoin network began processing invalid transactions on its MWEB layer, a privacy extension that lets users obscure transaction amounts and addresses. A zero-day bug in the code enabled an attacker to manufacture a fraudulent pegout, a mechanism that moves litecoin from the MWEB layer back to the main chain."
"The malicious transaction fabricated a withdrawal of 85,034 LTC, creating an inflation vulnerability. Subsequently, non-updated nodes accepted the invalid transaction, and the attacker used it to redirect funds to third-party decentralized exchanges before developers could intervene."
"Over approximately two hours and 45 minutes, mining pools coordinated to enforce the valid chain through a reorganization, a process where a longer valid chain replaces the one containing invalid blocks."
On April 25, an exploit in Litecoin's MWEB privacy layer allowed an attacker to create a fraudulent pegout of 85,034 LTC, leading to a temporary chain split. F2pool successfully mined all 13 blocks on the valid chain, resolving the split. The exploit was due to a zero-day bug that enabled invalid transactions, which were accepted by non-updated nodes. Developers quickly intervened to freeze funds and coordinate recovery efforts, while Litecoin Core v0.21.5.4 was released to patch the vulnerabilities.
Read at news.bitcoin.com
Unable to calculate read time
Collection
[
|
...
]