Litecoin Network Hit by Zero-Day Attack, $600K in Double-Spending Exposed

Litecoin Network Hit by Zero-Day Attack, $600K in Double-Spending Exposed

Autor: Mining Provider Editorial Staff

Veröffentlicht:

Kategorie: News

Zusammenfassung: The Litecoin network suffered a Zero-Day attack that enabled double-spending, resulting in $600,000 in losses; however, the vulnerability has since been fixed and operations restored. Concerns about potential insider knowledge have emerged due to suspicious funding of the attacker's wallet prior to the exploit.

Litecoin Network Affected by Zero-Day Attack in Coordinated Double-Spending Incident

The Litecoin network recently experienced a significant security breach due to a Zero-Day vulnerability that allowed attackers to execute double-spending across multiple decentralized exchange (DEX) protocols. This incident was confirmed by NEAR Intents, which reported a financial exposure of approximately $600,000, assuring users that they would be fully compensated for their losses.

The attack involved a 13-block reorganization that took over three hours to complete, effectively reversing all invalid transactions on the blockchain. The vulnerability was linked to the MWEB (Mimblewimble Extension Blocks) privacy transaction layer of Litecoin, which allowed non-upgraded mining nodes to accept invalid MWEB transactions. Consequently, attackers were able to link coins to third-party DEXs.

"The DoS attack and the MWEB bug were two separate but coordinated mechanisms," stated Alex Shevchenko, a developer at Aurora, raising concerns about the nature of the attack.

Key facts from the official Litecoin update include:

  • A Zero-Day bug caused a denial-of-service attack that disrupted major mining pools.
  • Invalid MWEB transactions enabled coins to be linked to third-party DEXs.
  • A 13-block reorganization reversed all invalid transactions from the main chain.
  • All valid transactions during the period remain completely unaffected.
  • The bug has been fixed, and the network is operating normally.

In summary, the Litecoin network faced a serious threat from a Zero-Day vulnerability that allowed for double-spending, resulting in significant financial implications for NEAR Intents. However, the network has since been restored to normal operations following the implementation of a fix.

Concerns Over Potential Insider Knowledge

Following the attack, questions have arisen regarding the possibility of insider knowledge related to the vulnerability. Shevchenko highlighted that the attacker's wallet was funded 38 hours prior to the exploit via Binance, suggesting a level of premeditation. Furthermore, he pointed out that the denial-of-service attack and the MWEB bug were executed in a coordinated manner, raising suspicions about the awareness of certain miners regarding the upgrade status of their nodes.

Shevchenko's concerns include:

  • The automatic recovery process indicates that upgraded nodes existed, implying prior knowledge of the bug.
  • RPC providers like QuickNode were reportedly not informed, despite miners being up to date.
  • There is speculation that the attacker may have known which miners had upgraded and which had not.

In conclusion, the Litecoin incident has not only raised alarms about security vulnerabilities but also about the potential for insider involvement. The core Litecoin team has yet to address these allegations directly, leaving the community with lingering questions.

Sources: