The vulnerability allowed mining nodes running outdated software to validate unauthorized MWEB transactions, enabling attackers to extract coins from the privacy extension and route them to cross-chain swapping protocols via peg-out transactions. Mining pools were simultaneously targeted with denial-of-service attacks exploiting the same flaw. During the reorganization window, attackers executed double-spend attacks against multiple protocols, including NEAR Intents, which suffered approximately $600,000 in losses.
The Litecoin Foundation confirmed that all offending transactions were erased from the network's history, with valid transactions during that period unaffected. The vulnerability has been fully patched. LTC traded near $56.00 at the time of disclosure, down roughly 1% on the day and 25% year-to-date, with no immediate sharp market reaction reported.
Saturday's incident marks the first known attack targeting MWEB since Litecoin activated the privacy extension via soft fork in May 2022. MWEB enables users to move LTC from the transparent base chain into a confidential side-chain through peg-in and peg-out transactions. The Foundation did not disclose the total amount of unauthorized LTC created or name the affected mining pools. The attack underscores ongoing security challenges across the crypto industry, with DeFi protocols suffering over $750 million in losses through mid-April 2026, including the $292 million Kelp DAO bridge exploit and the $285 million Drift attack.