- Less than 30% of tracked Litecoin nodes have installed a security patch released nearly two months ago to prevent a critical double-spend bug.
- The vulnerability in the MimbleWimble privacy layer allowed an attacker to attempt a double-spend in April, requiring a 13-block emergency reorganization.
- Most mining nodes have updated, but 39% of reachable nodes still run the vulnerable v0.21.4 software, leaving the network exposed.
- A post-incident review showed adoption was only 23% two weeks after the patch’s release, highlighting slow network response.
A Hacker attempted to double-spend Litecoin in late April, but an emergency chain reorganization thwarted the attack. Despite developers releasing critical patches, most of the network’s nodes have failed to update their software.
According to node tracking data, less than 30% are running the patched version. Consequently, the majority of validating nodes remain vulnerable to the same exploit that triggered April’s incident.
The bug existed within the Litecoin Core software’s handling of MimbleWimble Extension Block (MWEB) transactions. This privacy feature, activated in 2022, allowed a malformed transaction to create illegitimate coins.
Developers released an initial fix, v0.21.5.4, immediately after the attack. They followed with a more comprehensive consensus patch, v0.21.5.5, in early May to harden validation.
However, a post-incident review noted adoption was a meager 23% after nearly two weeks. The official Litecoin account admitted the zero-day bug caused a denial-of-service attack.
Founder Charlie Lee also posted about the double-spending attempt. Meanwhile, the $3.4 billion network’s long-term security hinges on updates most operators continue to ignore.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
