Litecoin suffered a major disruption to its MimbleWimble Extension Block (MWEB) privacy layer after a critical validation bug was discovered and exploited in two separate incidents in March and April 2026, according to a post-mortem published by developer David Burkett.
The flaw was rooted in how MWEB inputs were validated during block connection. A miner could include malformed metadata that did not match the referenced unspent transaction output (UTXO). That mismatch allowed an attacker to craft blocks where a relatively small input appeared to justify a much larger withdrawal—or pegout—from the MWEB system.
Timeline of the MWEB incidents
A chain scan revealed the vulnerability had already been exploited in March at block height 3,073,882, when an attacker produced an inflated pegout exceeding 85,000 LTC. The funds were initially moved to a transparent address and split across three outputs, which miner-enforced consensus rules quickly placed under temporary freeze.
Core developers coordinated privately with major mining pools and rolled out emergency updates to enforce stricter validation while maintaining network stability. After contact from the community and developers, the attacker signed a recovery transaction that returned the bulk of the funds, keeping 850 LTC as an agreed-upon bounty.
Litecoin founder Charlie Lee covered that remaining shortfall, and the recovered amount was re-pegged back into MWEB; the resulting output was permanently frozen to restore internal accounting balance. No confirmed user funds were lost in the March incident, though the mitigation relied heavily on quick coordination among miners and controlled software updates.
A second incident occurred in April when another actor attempted to reuse the same exploit path. Updated nodes correctly rejected the malformed block, but mutated MWEB block data interfered with some upgraded mining nodes’ ability to continue normal operation. This specifically disrupted block submission and processing on affected nodes.
Because a portion of the network remained unupgraded, those miners continued extending an invalid chain that grew to 13 blocks before upgraded participants coordinated to reinstate the valid chain. That intervention triggered a deep reorganization (reorg) that removed the invalid blocks. However, some third-party services had already processed transactions from the bad chain prior to the reorg.
External services were impacted, including swap operations that relied on NEAR-related infrastructure and THORChain, where assets exchanged on the invalid chain no longer existed after the reorg. Assessments of losses tied to those transactions are ongoing.
Litecoin Core v0.21.5.4 and fixes
The April incident was traced to node behavior when handling mutated MWEB data that shared identical block hashes; corrupted data could interfere with the processing of later valid blocks. Litecoin Core version 0.21.5.4 addresses this by ensuring corrupted block data is discarded so that subsequent blocks can be validated correctly.
Alongside that fix, developers implemented several improvements to strengthen MWEB accounting and validation across all stages of block processing. These changes aim to prevent similar denial-of-service conditions and chain-splitting scenarios in the future, and to make node behavior more resilient when encountering malformed or mutated MWEB data.
Moving forward, the Litecoin developer community emphasizes coordinated software updates among miners and node operators, improved validation safeguards, and continued monitoring of MWEB-related activity to reduce the likelihood of recurrence and to protect the network and users from related attacks.