Table of Contents:
Litecoin's MWEB Chain Split Resolved as F2pool Mines All 13 Blocks
The mining pool F2pool has confirmed that it successfully mined all 13 consecutive blocks necessary to resolve the temporary chain split that occurred within the Litecoin network. This split was triggered when an attacker exploited a vulnerability in the privacy layer known as "MimbleWimble Extension Blocks" (MWEB), allowing them to forge an invalid "Pegout" of 85,034 LTC.
F2pool's mining of these blocks effectively restored the valid chain and eliminated the competing version that had emerged. The incident, which began on April 25, involved a zero-day exploit that led to the processing of invalid transactions on the MWEB layer, causing significant disruption across major mining pools.
Get $500 free Bitcoin mining for a free testing phase:
- Real daily rewards
- 1 full month of testing
- No strings attached
If you choose to buy after testing, you can keep your mining rewards and receive up to 20% bonus on top.
"The rapid mobilization of an overwhelming majority of the network's hash rate made the attacker's blocks effectively orphaned before irreversible confirmations could be completed," analysts noted.
In response to the exploit, Litecoin Core v0.21.5.4 has been released to address both the inflation bug and the mining node halt that contributed to the disruption. The network is now operating normally.
Key Takeaways:
- F2pool mined all 13 blocks on the valid Litecoin chain, resolving the split.
- An attacker exploited a vulnerability to forge a Pegout of 85,034 LTC.
- Litecoin Core v0.21.5.4 has been released to fix the issues caused by the exploit.
Post-Mortem on Litecoin's MWEB Exploit
Following the incidents, Litecoin developers released a detailed post-mortem report confirming two interconnected security events linked to a critical validation error in the MWEB. This error allowed an attacker to inflate and "peg out" 85,034 LTC in March 2026, which later triggered a 13-block reorganization of the blockchain in April.
The report highlighted that a missing metadata check during block connection was the root cause of the exploit. The attacker managed to use a malicious MWEB input to support a Pegout that was significantly inflated compared to its actual value.
In a coordinated effort, developers worked with major mining pools to contain the inflated outputs and released emergency updates to block the faulty inputs. The attacker eventually agreed to return the funds, with 84,184 LTC being sent back to a developer-controlled address, while 850 LTC were retained as a reward.
Key Takeaways:
- A validation error in MWEB allowed an attacker to inflate 85,034 LTC.
- The attacker returned the funds after negotiations with developers.
- Emergency updates were released to prevent further exploits.
Community Response and Network Stability
The community's reaction to the post-mortem was largely positive, with many praising the transparency and speed of the developers' response. Approximately 70% to 80% of feedback highlighted that the chain remained stable throughout the incident, and the public disclosure of the events helped to bolster trust rather than diminish it.
Litecoin has confirmed that the zero-day vulnerability that caused the 13-block reorganization has been patched, and the network is now stable. Users and node operators are advised to update to Litecoin Core v0.21.5.4 or higher to ensure proper synchronization and functionality.
Key Takeaways:
- The community responded positively to the developers' transparency.
- The network has been patched and is stable post-exploit.
- Users are encouraged to update their nodes to the latest version.
Sources:
