Litecoin bug created 85K LTC — but cross-chain systems took the real hit

A newly published postmortem has revealed that a critical bug in Litecoin's privacy layer allowed an attacker to create over 85,000 LTC earlier this year.  While the core network ultimately contained the issue, the incident exposed a deeper risk — one that hit cross-chain protocols harder than Litecoin itself. Inflation bug exploited, then contained According to the report released on 28 April, the vulnerability was tied to Litecoin's Mimblewimble Extension Block [MWEB]. A validation flaw allowed mismatched transaction metadata to pass checks during block processing.  This enabled an attacker to construct a malicious block and generate an inflated peg-out of 85,034 LTC. Developers identified the issue in March after scanning the chain and confirming that the exploit had already occurred. Crucially, the funds had not yet been widely dispersed. In response, mining pools coordinated to freeze the affected outputs and prevent further movement. The attacker later cooperated, signing a recovery transaction that returned the majority of the funds, minus an agreed 850 LTC bounty.  The recovered amount was then rebalanced back into MWEB and effectively neutralized. As a result, no confirmed user funds were lost during the initial exploit. April reorg reveals deeper risk The situation escalated in April when a second attempt to exploit the same vulnerability triggered an unexpected failure mode. Although upgraded nodes correctly rejected the malicious block, a separate issue caused some mining nodes to stall when handling mutated block data.  This allowed unupgraded miners to continue extending an invalid chain, which grew to 13 blocks before being overtaken and removed by upgraded miners. Importantly, this was not a rollback of valid blockchain history, but rather a reorganization that eliminated an invalid chain produced under outdated rules. However, the temporary divergence had real consequences beyond Litecoin's core network. Cross-chain protocols bear the losses While Litecoin itself recovered, some external systems processed transactions on the invalid chain before the reorg was completed. These included cross-chain and swap infrastructure such as NEAR Intents and THORChain. Assets were exchanged based on transactions that later ceased to exist on the valid chain. This resulted in measurable losses for those platforms. A contained bug with wider implications Litecoin developers have since released fixes addressing both the original validation flaw and the subsequent node-handling issue. The network has resumed normal operation, and the MWEB balance has been fully restored. Still, the postmortem points to deeper structural challenges. The response relied heavily on rapid miner coordination and staged emergency updates — a process that, while effective, introduces operational risk during critical incidents. More importantly, the episode underscores how vulnerabilities in one network can cascade into others. Final Summary Litecoin contained a critical inflation bug that briefly created 85K LTC, with funds largely recovered through coordinated network action. Cross-chain protocols took the hit, processing invalid transactions before a 13-block reorg, highlighting growing risks at the edges of DeFi infrastructure.