32 分鐘交易紀錄全蒸發！萊特幣驚爆「13 個區塊遭抹除」… 駭客這招太狠

Author: Max, Crypto City Privacy protocol MWEB hit by severe vulnerability, 13 blocks erased and rewritten The veteran public chain Litecoin (LTC) encountered a major security challenge on the evening of April 25. According to the latest information provided by the Litecoin Foundation, the network experienced a rare deep chain reorganization, resulting in 13 blocks being erased and rewritten. The root cause of this incident stems from hackers exploiting a vulnerability in the Litecoin MimbleWimble Extension Blocks (MWEB) privacy protocol to launch a meticulously planned attack on the network. According to blockchain data, the affected block heights ranged from 3,095,930 to 3,095,943, which translates to approximately 32 minutes of transaction history being corrected during the reorganization process. This event marks the first large-scale technical attack on the MWEB protocol since its official activation in May 2022. In a post-incident statement, the development team noted that although the reorganization occurred, valid transactions conducted during the affected period were not impacted and have been re-included in the main chain record. The primary purpose of this reorganization was to correct invalid transactions generated by the vulnerability and prevent illicit funds from entering the market. Currently, the Litecoin official team has urgently released the Core v0.21.5.4 version update and requested all nodes and mining pools to complete the upgrade as soon as possible to prevent the risk of potential secondary attacks. DoS attacks combined with double-spending, cross-chain protocols become primary victims Further analysis of the attack methodology reveals a hybrid attack combining traffic suppression and financial arbitrage. Hackers first launched a large-scale Denial-of-Service (DoS) attack against mining pools that had already updated their software, successfully suppressing the Hashing Power of these pools and preventing them from participating in block production. During this vacuum period, nodes running older software became the temporary dominant force of the network. Because old nodes could not recognize the vulnerability security in the new protocol, hackers used this to send invalid MWEB transactions (Peg-out) into the network and successfully diverted these virtual assets to decentralized exchanges (DEX) and cross-chain swap protocols. Hackers exploited the fork window to deposit assets that would eventually be deemed invalid into cross-chain bridges or exchange platforms, completing the asset transfer before the reorganization occurred. This type of technique is a classic "double-spend" attack. Aurora Labs CEO Alex Shevchenko pointed out that this attack demonstrated a high level of coordination, with victims including well-known protocols such as NEAR Intents, with initial estimated losses reaching 600,000. Such attacks targeting Layer 1 networks have cast serious doubt on the security of these networks when used as collateral for cross-chain assets. Zero-day vulnerability or late update? GitHub records spark controversy Although the Litecoin official team characterized this incident as a "zero-day" vulnerability—meaning a flaw unknown to developers before the attack—security researchers have proposed a different view. Researcher bbsz from the crypto security response team SEAL911 reviewed Litecoin's code commit history on GitHub and discovered that the consensus vulnerability leading to the invalid MWEB transactions had already been privately patched between March 19 and March 26, 2026. This record indicates that the development team was aware of the risk a month before the attack occurred but failed to complete a full network upgrade in time. This time gap left an opening for hackers. Researchers pointed out that the hackers precisely identified which mining pools had not yet updated and used DoS attacks to kick the updated pools out of the competition queue, allowing vulnerable old nodes to endorse their actions. Furthermore, on-chain records show that a Binance wallet address provided funds to the attacker's wallet 38 hours before the attack, and the address was pre-configured to convert assets into Ethereum (Ethereum). All signs point to a targeted strike against the developers' patching window, exposing the challenges of Proof-of-Work (PoW) networks in decentralized governance and emergency update speed. AI threats intensify, PoW network update efficiency faces a test The Litecoin hack reflects new challenges for the cryptocurrency industry following the widespread adoption of artificial intelligence. The Litecoin Foundation mentioned that the frequency of zero-day vulnerability discovery has risen sharply, partly because AI systems like Anthropic's Claude Mythos have gradually surpassed human engineers in their ability to identify software vulnerabilities and attack surfaces. For networks like Litecoin that rely on independent mining pools for autonomous upgrades, completing a full network synchronization before hackers can use AI to discover vulnerabilities and launch attacks has become the key to survival. Compared to emerging chains with higher degrees of centralization, traditional PoW networks still have room for improvement in their response speed when facing emergency security threats. Even though the network has returned to normal operation, the market remains on high alert regarding this incident. The price of Litecoin (LTC) fell to around 56 after the