Litecoin was hit by a bug this past weekend that allowed an attacker to transfer digital assets to a decentralized exchange, prompting the network to carry out a so-called reorganization to prevent anyone from profiting from the latest crypto vulnerability.
The process, commonly referred to as a "reorg," effectively erased faulty transactions from the network. The incident stemmed from a security flaw in Litecoin's MimbleWimble Extension Block (MWEB) privacy layer, according to the digital asset's official X account in a post on Saturday.
With Litecoin blocks produced every 2.5 minutes on average, a 13-block reorg essentially rewrote approximately 30 minutes of the network's transaction history. Eventually, entities mining Litecoin adopted a version of the blockchain in which the exploit had never occurred.
The official Litecoin X account summarized the situation: "A zero-day bug caused a DoS attack that disrupted major mining pools. Non-updated mining nodes allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX's. A 13-block reorg reversed those invalid transactions."
Although the attacker was ultimately stopped, they had taken advantage of what Litecoin's team described as a previously unknown vulnerability that allowed them to "peg out" coins from MWEB. The bug also enabled the bad actor to disrupt mining pools through a denial-of-service attack.
The MWEB privacy feature — which includes an opt-in privacy layer referencing "Harry Potter" — was first proposed in 2019.
In the aftermath of the reorg, Litecoin posted and later deleted communications that many found dismissive of the severity of the incident. In one since-deleted X post, Litecoin said the network's plumbing "was working throughout the entire process," and that reorgs naturally purge faulty transactions, effectively sending them "through the poop shoot [sic] like they were never there."
The flippant tone drew criticism from Taylor Monahan, an on-chain investigator and prominent security expert, who warned in an X post that crypto projects should not adopt a breezy attitude when addressing technical issues that put users' funds at risk. Monahan wrote: "Yes @Litecoin if you delete it it just goes away working as intended no issues here it's a feature not a bug. Fuck off."
Litecoin acknowledged in a follow-up X post on Monday that it had deleted those communications, apologizing for attempting to be humorous about the incident.
This is not the first time Litecoin's social media presence has attracted attention. When Solana suffered network congestion and degraded performance in January 2025, Litecoin's X account called Solana "literally the pimple on crypto's ass."
Aurora Labs CEO Alex Shevchenko speculated in an X post that the attack was coordinated. In a separate post, he estimated that NEAR Intents, a multi-chain protocol, had faced around $600,000 in potential exposure. Shevchenko also questioned whether the bug had truly gone undetected, noting that some miners were already running software in which the vulnerability had been patched.
Reorgs are possible on proof-of-work networks such as Bitcoin. The longest reorg in Bitcoin's history rolled back 53 blocks in 2010, according to Bitcoin Magazine. At the time, a faulty transaction had created 184 billion Bitcoin, which were subsequently wiped from the record.
As of Monday, Litecoin had a total market capitalization of approximately $4.2 billion, ranking it as the 25th largest cryptocurrency, according to CoinGecko. The digital asset's price peaked near $410 roughly five years ago and was recently trading around $55.35, down about 1% over the prior 24 hours.
Why it matters
A zero-day flaw in Litecoin's MWEB privacy layer allowed non-updated mining nodes to process an invalid transaction, enabling coins to be pegged out to a third-party decentralized exchange. Miners ultimately adopted a version of the blockchain in which the exploit had never occurred, effectively reversing the affected transactions.
When a privacy-layer bug is exploited on a proof-of-work network, an attacker can move funds to external venues such as decentralized exchanges, illustrating how unpatched nodes can expose the broader network to invalid transactions.
Litecoin's decision to post and then delete dismissive communications about the incident drew public criticism from security researchers, highlighting the importance of transparent, measured official responses when user funds are potentially at risk.
