Litecoin developers published a postmortem on Tuesday confirming two related security incidents tied to a critical Mimblewimble Extension Block validation bug that allowed an attacker to fabricate an 85,034 LTC pegout in March 2026 and later trigger a 13-block chain reorganization in April that hit Thorchain and NEAR Intents.
Key Takeaways:
- A Litecoin MWEB validation bug let an attacker inflate and peg out 85,034 LTC in March 2026, but the actor returned the funds for an 850 LTC bounty.
- An April 2026 exploit attempt triggered a 13-block chain reorg, causing NEAR Intents to lose 11,000 LTC swapped for 7.78 BTC.
- Litecoin Core v0.21.5.4 patches both the inflation bug and the mining node stall that enabled the April reorg.
Litecoin Developers Release Postmortem After MWEB Bug Causes Chain Reorg
The postmortem identified the root cause as a missing metadata check during block connection. When an MWEB input spends a previous output, the metadata it carries must match the actual UTXO being consumed. That check existed in the mempool and block-building paths, but developers confirmed it was not fully enforced at the block connection stage.
Developers discovered the vulnerability through internal review on March 19. A chain scan showed exploitation had already occurred at block 3,073,882. The attacker used a malicious MWEB input whose real value was no more than 1.2084693 LTC to support a pegout of 85,034.47285734 LTC.
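The root cause described above, reduced to an added toy model that is not Litecoin Core code and is not taken from the postmortem: the same rule is enforced in a mempool-style path but only partly in a block-connection path, so a block that never went through the mempool can carry an input whose metadata does not match the UTXO it spends. All type and function names are hypothetical, and the input's "metadata" is assumed to be a single plain amount, which is simpler than real MWEB data.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Toy model, not Litecoin Core code. Assumption: an input's "metadata" is
// reduced to one plain amount; real MWEB data structures differ.
struct Input { std::string spends; int64_t claimed; };  // claimed = metadata the input carries
struct Tx { std::vector<Input> inputs; int64_t pegout; };
using UtxoSet = std::map<std::string, int64_t>;         // output id -> real amount

// The rule from the postmortem: carried metadata must match the UTXO consumed.
bool InputMatchesUtxo(const UtxoSet& utxos, const Input& in) {
    auto it = utxos.find(in.spends);
    return it != utxos.end() && it->second == in.claimed;
}

// Balance check that trusts whatever amounts the inputs carry.
bool BalanceOk(const Tx& tx) {
    int64_t sum = 0;
    for (const auto& in : tx.inputs) sum += in.claimed;
    return sum >= tx.pegout;
}

// Mempool-style path: the rule is enforced before the balance check.
bool AcceptToMempool(const UtxoSet& utxos, const Tx& tx) {
    for (const auto& in : tx.inputs)
        if (!InputMatchesUtxo(utxos, in)) return false;
    return BalanceOk(tx);
}

// Block-connection path with the gap: it only checks that the UTXO exists.
bool ConnectBlockMissingCheck(const UtxoSet& utxos, const Tx& tx) {
    for (const auto& in : tx.inputs)
        if (utxos.count(in.spends) == 0) return false;
    return BalanceOk(tx);
}

// Block-connection path after the fix: same rule as the mempool path, so a
// block assembled outside the mempool cannot skip it.
bool ConnectBlockFixed(const UtxoSet& utxos, const Tx& tx) {
    return AcceptToMempool(utxos, tx);
}

// Constructed sample; amounts are the article's figures in 1e-8 LTC units.
UtxoSet SampleUtxos() { return {{"out-a", 120846930}}; }
Tx MismatchedTx() { return Tx{{Input{"out-a", 8503447285734}}, 8503447285734}; }
Tx HonestTx() { return Tx{{Input{"out-a", 120846930}}, 120000000}; }
```

Keeping consensus rules in one function that every acceptance path calls, and testing each path against the same invalid fixtures, is what prevents this kind of divergence.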
Developers said they coordinated privately with major mining pools to contain the inflated outputs before public disclosure. An emergency release, Litecoin Core 0.21.5, was pushed to miners to block new malformed inputs. A follow-up release, 0.21.5.1, added a historical exception for the already-accepted exploit block and temporarily froze the three transparent outpoints holding the attacker’s funds.
The actor attempted to spend at least one frozen output. Upgraded miners rejected the transaction. Developers then contacted the actor directly. The actor agreed to cooperate and signed a recovery transaction that returned 84,184.47278630 LTC to a developer-controlled address while keeping 850 LTC as an agreed bounty.
Litecoin founder Charlie Lee purchased the 850 LTC needed to make the MWEB balance whole. The full 85,034.47285734 LTC was pegged back into MWEB in a single transaction at block height 3,078,098, and the resulting MWEB output was frozen. No user funds were ultimately lost in the March incident.
According to the postmortem, a second attacker attempted the same exploit path in April, triggering a separate failure. Upgraded nodes rejected the malformed block, but the way mutated MWEB block data was handled caused certain mining RPC commands to hang, including the submitblock call. Upgraded mining nodes stalled while unupgraded miners continued extending the invalid chain.
The invalid chain grew to 13 blocks before upgraded miners coordinated to overtake it. The bad chain was reorged out, but several third-party systems had already processed activity on the invalid chain before the reorg completed.
NEAR Intents confirmed the attacker swapped 11,000 LTC for 7.78814476 BTC before the reorg completed. Those 11,000 LTC were no longer present on the valid chain after the reorg, leaving NEAR Intents with a confirmed loss. Thorchain reported a separate loss after the attacker swapped 10 LTC for 0.00719957 BTC through its bridge before the reorg.
Litecoin Core 0.21.5.4 addressed the mutated-block stall by erasing stored block data for blocks classified as mutated, allowing valid data for the same block hash to be accepted later. The release was built and deployed publicly on April 25.
The postmortem blog post acknowledged several failures in the response: MWEB validation relied too heavily on checks that were not applied at block connection, the recovery required multiple staged miner releases that each carried coordination risk, and the April mutated-block failure mode had not been tested against mining RPC behavior.
Community sentiment following the postmortem X post was largely supportive, with roughly 70% to 80% of replies citing appreciation for the team’s transparency and speed. Several responses noted that the chain itself held firm and that public disclosure built rather than damaged trust.
Users and node operators are advised to upgrade to Litecoin Core v0.21.5.4 or later, verify that their node is syncing normally, and reindex if the node remains stuck after a restart. The postmortem follows Litecoin’s recent post about doing better when it comes to posting on X. “Those in charge of posting from this [X] handle will do better in the future,” the official Litecoin X account wrote after the account was accused of being “childish” earlier in the week.
