Web3

Litecoin Rolls Back 13 Blocks After MWEB Privacy Layer Exploit

A zero-day in Litecoin's MimbleWimble Extension Block let attackers slip an invalid MWEB peg-out past outdated mining nodes, triggering a 13-block reorg that wiped roughly three hours of history.

BlockAI News

BlockAI News

1 min read
Litecoin chain icon being unwound, with a privacy shield cracked at the edge.
A 13-block reorg undid a zero-day MWEB exploit and the double-spends that came with it.

The Litecoin network performed a deep 13-block chain reorganization over the weekend, undoing roughly three hours of history after attackers exploited a zero-day in its MimbleWimble Extension Block (MWEB) privacy layer.

What broke

According to The Block, the bug let mining nodes running outdated software accept a malformed MWEB transaction as valid, which the attacker used to peg coins out of the privacy extension and route them to third-party DEXs. The fork ran from block 3,095,930 to 3,095,943 and persisted for more than three hours, during which the exploiter executed double-spend attacks against multiple cross-chain swap protocols that had credited the now-orphaned peg-outs.

Containment and damage

NEAR Intents initially flagged about $600,000 in exposure and said it would cover any user losses. With Litecoin confirming the invalid transactions were reversed and stripped from the canonical chain, settled losses may end up materially lower. The vulnerability has been patched, and Litecoin developers urged every node operator and mining pool to upgrade immediately.

Litecoin rewrites three hours of history to undo its first major privacy-layer exploit
The Block details the MWEB zero-day, the 13-block reorg and the double-spend fallout on third-party DEXs.
The Block

BlockAI's Take

Reorgs of this depth on a top-25 chain are rare for a reason — they're a blunt tool, and they re-open uncomfortable governance questions about who decides when "history" gets rewritten. The honest read here is that the social layer worked: miners coordinated, the patch shipped, exchanges paused, and a privacy-layer flaw didn't become a permanent loss. The cost is a fresh data point that any privacy extension grafted onto a base chain inherits the base chain's upgrade discipline.

Daily Web3 × AI intel, straight to your inbox. Subscribe to BlockAI News.

How we report: This article cites primary sources, regulatory filings, and on-chain data where available. BlockAI News uses AI tools to assist with research and first-draft generation; every article is reviewed and edited by a human editor before publication. Read our full How We Report page, Editorial Policy, AI Use Policy, and Corrections Policy.

Keep Reading

Morgan Stanley Brings Crypto to E*Trade With 50 bps Fee Structure

Morgan Stanley Brings Crypto to E*Trade With 50 bps Fee Structure

Morgan Stanley is quietly piloting direct cryptocurrency trading inside its E*TRADE brokerage platform, charging a 50-basis-point fee on transactions, Bloomberg reported on May 7. The development marks one of the most significant moves by a bulge-bracket bank to embed spot crypto execution directly into a mass-market retail brokerage — not through an ETF wrapper or a third-party referral, but as a native trading product sitting alongside equities and options.

E*Trade, which Morgan Stanley acquired in 2020 for roughly $13 billion, serves an estimated 5–

Read full story →

More from BlockAI News

White House Eyes July 4 Deadline for Landmark Crypto Market Bill

White House Eyes July 4 Deadline for Landmark Crypto Market Bill
DTCC Taps High-Performance L1s to Put Corporate Actions On-Chain

DTCC Taps High-Performance L1s to Put Corporate Actions On-Chain
AI Agents Could Kill Internet Advertising, Says Coinbase Engineer

AI Agents Could Kill Internet Advertising, Says Coinbase Engineer
Reid Hoffman: NFTs Are AI's Missing Trust Layer

Reid Hoffman: NFTs Are AI's Missing Trust Layer

Stay Ahead of the Market

Daily AI & crypto briefings — straight to your inbox, your phone, and your timeline.

Subscribe Newsletter Join Telegram Follow on X