Aave Outlines Steps to Rebuild rsETH Collateral
Aave outlines urgent recovery steps for rsETH collateral after exploit
CryptoPotato1 min read
Litecoin Publishes Full Zero-Day Report: The Truth Behind the 85,000 'Fake' LTC and the Secret Hacker Deal
TL;DR
Litecoin developers released a report detailing a zero-day attack that created 85,000 'fake' LTC due to a bug in the MWEB privacy protocol. The hacker returned the funds for a reward of 850 LTC, but a subsequent attack caused instability in the network and affected other blockchain protocols.
Key points
- Litecoin developers published a report on a zero-day attack.
- A bug in MWEB allowed the creation of 85,034 fake LTC.
- The hacker returned the funds for a reward of 850 LTC.
- A second attack caused instability and affected other blockchain networks.
- Litecoin Core 0.21.5.4 was released to close the vulnerability.
Mentioned in this story
Charlie Lee
MWEBNEAR IntentsTHORChain
Two days later, Litecoin developers published a final report on two critical incidents related to the MWEB privacy protocol that made the April zero-day attack possible. This is a story of how the same flaw first led to the hidden creation of 85,000 "fake" LTC and then, a month later, triggered failures in other blockchain networks. It all started when a hacker discovered a bug in MWEB (MimbleWimble Extension Block) data validation. This allowed them to execute a "peg-out" operation, withdrawing from the confidential block into the main network, turning a small amount into a massive 85,034 LTC, effectively created out of thin air. Developers and miners acted quickly, and the funds were frozen before they could be cashed out. Instead of a prolonged conflict, the parties reached a peaceful resolution, as the hacker agreed to return the funds in exchange for a legal reward of 850 LTC. To ensure the system balanced perfectly, Litecoin creator Charlie Lee personally purchased these 850 LTC to cover the hacker's bounty.
— Litecoin (@litecoin) April 28, 2026
Shockwave effect: Why internal fix didn't prevent April incident
It seemed the issue was resolved, but in April, a second attack occurred using the same method. This time, updated network nodes were able to detect and block the attack, but it triggered a technical collapse. Due to a code error, mining equipment began to freeze while attempting to process invalid data. The network split, resulting in a rollback of 13 blocks. This is where the most critical and dangerous aspect of the situation emerged. While the Litecoin network was destabilized, automated cross-chain protocols managed to accept transactions from invalid blocks. As a result:
- NEAR Intents suffered losses of 7.78 BTC.
- THORChain lost about 0.007 BTC. At this point, Litecoin Core 0.21.5.4 has been released, fully closing the vulnerability. The network is stable, but the incident clearly demonstrated how fragile interconnections between blockchains can be during periods of stress. Even though Litecoin itself protected its users and reached an agreement with the initial , it did not prevent external DeFi protocols from absorbing the shockwave caused by the network reorganization.
Q&A
What caused the creation of 85,000 fake LTC in Litecoin?
A bug in the MWEB privacy protocol allowed a hacker to execute a 'peg-out' operation, resulting in the creation of 85,034 LTC.
How did Litecoin resolve the situation with the hacker?
Litecoin reached a peaceful resolution where the hacker agreed to return the funds in exchange for a legal reward of 850 LTC.
What were the consequences of the April attack on Litecoin's network?
The attack caused a network split and a rollback of 13 blocks, leading to losses for external DeFi protocols like NEAR Intents and THORChain.
