Litecoin hit by zero-day vulnerability! 13-block reorganization, NEAR Intents $600k at risk, v0.21.5.4 patch rushed online

📄Full Article· Automatically extracted by trafilaturaGemini 翻譯1588 words

The Litecoin network experienced a 13-block reorganization on the 25th, caused by an MWEB input validation vulnerability, which put approximately $600,000 in NEAR Intents assets at risk. The team urgently released v0.21.5.4 as a patch and urged all node operators and wallet users to upgrade immediately. (Previous coverage: Solana, LTC, HBAR spot ETFs list on US exchanges tonight! Staking support ignites a new chapter for altcoin funds) (Background: Speculating on next year's halving? Litecoin surges 37% intraday, breaking the silence of the bear market) The Litecoin network encountered a security incident on the 25th: an input validation vulnerability affecting the MWEB (MimbleWimble Extension Blocks) protocol layer was triggered, causing 13 consecutive blocks to be reorganized (reorg), lasting over 3 hours. The normal block time for Litecoin is one block every 2.5 minutes. Early in the incident, on-chain monitoring tools issued anomaly alerts, and some observers misidentified it as a 51% attack. After confirmation by the core development team, the root cause was identified as a logic vulnerability within the MWEB protocol itself, rather than an external hash rate takeover. Litecoin Core v0.21.5.4 released! All users are advised to upgrade. This release contains important security updates. https://t.co/6vtrhdXi4c — Litecoin (@litecoin) April 25, 2026 According to the official Litecoin announcement, the primary vulnerability (commit 1dcbf3f) allowed the MWEB kernel sum to fall into an unbalanced state, directly compromising the accounting integrity of MWEB inputs and outputs. Attackers could use this to unlock coins in MWEB and transfer them to third-party decentralized exchanges (DEX). Developer Loshan noted in the official announcement: "This release contains important security updates, and it is strongly recommended that all node operators and wallet users upgrade as soon as possible (ASAP)." v0.21.5.4 also patched several related security issues: Added dual verification for input commitments and public keys for MWEB inputs (commit e7cbf1d), providing additional defense-in-depth; fixed an integer overflow issue in kernel fees during MWEB transaction verification (42e7071); cleared block data for mutated blocks to prevent miner DoS (742ee94); and miners no longer include MWEB transactions when the input/output commitment sum is not zero (f423a84). NEAR Intents publicly stated that this chain reorganization event exposed approximately $600,000 in assets on its platform to potential risk. NEAR Intents has committed to compensating affected users and has suspended related LTC operations, pending confirmation of network stability before resuming. The network returned to normal consensus later that day, and with the official release of v0.21.5.4, the aforementioned vulnerabilities have been fully patched. Since its activation in 2022, MWEB node support has exceeded 90%, with a total MWEB balance of 260,000 LTC, serving as a core pillar of the Litecoin network's privacy features. This vulnerability involved protocol-layer accounting logic, and the impact was not limited to specific wallets; all nodes running older versions were at risk. Additionally, v0.21.5.4 introduced stability fixes: including data corruption issues during PMMR rewind (23e5eac), improvements to MMR file write durability, the addition of MWEB view keys to wallet dumpwallet output, and fixes for Boost >= 1.78 compatibility issues. Currently, the spot price of LTC is approximately $56.26. In March of this year, the SEC-CFTC joint framework classified LTC as a "digital commodity," and spot LTC ETF funds continue to flow in; the LitecoinVM zero-knowledge rollup testnet also went live in early April. This security incident was an unexpected protocol-layer event, to which the development team responded quickly, and the long-term ecological development direction remains unchanged. Official GitHub release page: v0.21.5.4 Release Notes

Data Status✓ Full text extractedRead Original (動區 BlockTempo)

🔍Historical Similar Events· Keyword + Asset Matching1 items

2026-04-26

Litecoin hit by zero-day vulnerability! 13 blocks reorganized, NEAR Intents $600,000 at risk, v0.21.5.4 patch rushed online

💡 Currently matching via keywords + symbols (MVP) · Will be upgraded to embedding semantic search later

Raw Information

ID:9cfa29e053

Source:動區 BlockTempo

Published:2026-04-26 05:33:01

Category:zh_news · Export Category zh

Symbols:Unspecified

Community Votes:+0 / −0 · ⭐ 0 Important · 💬 0 Comments