Litecoin suffered a deep chain reorganization (or "reorg") on Saturday after attackers exploited a zero-day vulnerability tied to its MimbleWimble Extension Block (MWEB) privacy layer, the Litecoin Foundation said in an X post on Saturday afternoon.

The bug allowed mining nodes running older software to validate an invalid MWEB transaction, letting whoever crafted it peg coins out of the privacy extension and route them to third-party decentralized exchanges, the Foundation said. Major mining pools were also hit by a denial-of-service attack tied to the same flaw.

Aurora Labs CEO Alex Shevchenko called it a "coordinated attack" in a post on X. Shevchenko said the fork ran from block 3,095,930 to 3,095,943 and took more than three hours to produce, during which attackers performed double-spend attacks against multiple cross-chain swapping protocols that had accepted the now-orphaned MWEB peg-outs.

The Foundation's note emphasizes that the offending transactions were ultimately erased from Litecoin's history, while valid transactions during that period remain unaffected. The Foundation also said the vulnerability has been fully patched, though some trading venues have reported losses from the incident. 

"The exposure for NEAR Intents is around $600k," Shevchenko wrote on X. "We recommend all trading venues for LTC to audit the transactions and holdings. We see a lot of double spend transactions."

Saturday's incident is the first known attack targeting MWEB since Litecoin activated the privacy extension via soft fork in May 2022. MWEB lets users move LTC from the transparent base chain into a confidential side-chain via peg-in and peg-out transactions, with the extension responsible for validating coin conservation between the two layers each block.

A bug producing a valid-looking but unauthorized peg-out lets an attacker effectively summon LTC onto the main chain until honest nodes reject the offending block. The Foundation did not name the affected pools and did not disclose how much LTC the invalid MWEB transactions created.

LTC traded near $56.00 around 4:30 p.m. ET, down about 1% on the day and showing no immediate market reaction to the disclosure, according to The Block's Litecoin Price page. The token is down nearly 25% year-to-date.

The incident lands during a punishing stretch for crypto security. DeFi protocols have lost over $750 million to exploits in 2026 through mid-April, including the $292 million Kelp DAO bridge drain on April 19 and a $285 million attack on Solana-based perpetuals platform Drift on April 1. Most of those incidents involved cross-chain infrastructure, the same surface the Litecoin attackers reportedly used to take their gains off the affected chain before the reorg.

The Litecoin Foundation did not immediately respond to a request for comment.