For 2 years, Litecoin’s social media managers laughed at Solana’s blockchain outages. This weekend, they needed to eat their very own phrases as Litecoin’s blockchain suffered its personal denial-of-service and double-spending assault.
Repeated Solana outages drew smug chuckles from Litecoin. Not like Solana, in response to its sustained declarations, Litecoin doesn’t have outages.
On Saturday, that speaking level died. Litecoin positively had an outage, in addition to a double-spending downside.
A consensus bug in Litecoin’s privateness improve let an attacker mint invalid cash. Trying to double-spend as shortly as attainable, the attacker quickly traded LTC for different digital belongings at crypto exchanges earlier than trustworthy miners may cease the gross sales.
Its blockchain cut up. Ultimately, miners rolled-back transactions, creating about 32 minutes of de facto downtime.
Curiously, because of the unusually sluggish mining instances through the assault, it truly took over three hours in real-time for the community to provide the 13 alternative blocks that will have usually consisted of simply 32 minutes value of transactions.
Anyway, the Litecoin Basis then defined its 13-block reorganization to its personal followers.
No extra 100% uptime
Simply weeks earlier, Litecoin boasted of its “100% uptime,” claiming its blockchain “100% works” after being “100% battle-tested.”
Litecoin’s account spent 2024 and 2025 laughing at Solana’s issues with out fixing its personal.
When Solana scheduled upkeep for a weekend in June 2025, Litecoin instructed the Solana account, “This way you can schedule your outages for the weekends. Good call.”
It replied to a different Solana standing replace with one phrase, “Downtime.”
When the 2 networks signed a tongue-in-cheek ceasefire later that month, the inspiration’s joke model had Litecoin promising to cease “mocking Solana for six hours and Solana will just continue to not do anything.”
Litecoin and Solana downtimes
The Litecoin vulnerability lived in MWEB, Litecoin’s Mimblewimble-based confidential transaction extension. Aurora Labs CEO Alex Shevchenko, whose chain ingests LTC through NEAR Intents, documented the exploit in actual time.
The attacker submitted a malformed MWEB peg-out. Non-upgraded Litecoin mining nodes accepted it as legitimate, releasing artificial cash into the common Litecoin blockchain.
The attacker then bridged the proceeds by means of THORChain and NEAR Intents to swap for ether.
Trustworthy miners working the patched 0.21.5.4 shopper rejected the attacker’s blocks. From there, the 2 forks raced.
After a number of hours, the patched chain finally gained heavier proof-of-work and the community re-organized blocks 3,095,930 by means of 3,095,943 out of existence.
Though the reversed transaction time window was solely 32 minutes, it took almost three hours to truly reverse these minutes, as a result of hashpower was cut up between trustworthy and exploited nodes.
The patch was on GitHub for a month
Dragonfly Managing Accomplice Haseeb Qureshi famous that the Litecoin double-spending bug was “known, but the fix was not fully propagated.”
Certainly, the underlying consensus repair had sat in a personal GitHub department for about 30 days.
A safety researcher questioned that uneven disclosure window, which gave insiders a month-long head begin. A number of main mining swimming pools, apparently, by no means put in the general public launch in time.
For non-insiders, the general public Litecoin Core 0.21.5.4 launch shipped on Saturday, shortly after the assault had begun.
