GitHub Records Contradict Litecoin Foundation: Consensus Bug Patched Weeks Before Weekend Attack

Litecoin's foundation is facing questions about transparency after GitHub records directly contradicted its characterization of a weekend exploit as a zero-day vulnerability. An examination of the litecoin-project repository shows the consensus vulnerability was privately patched between March 19 and 26—more than four weeks before the attack that triggered a 13-block chain reorganization.

The technical details of the incident underscore the severity of the exploit. Attackers successfully executed a chain reorganization, effectively rewriting transaction history on a live cryptocurrency network. For such an attack to succeed against a mature blockchain required either significant computational power or an intimate understanding of the network's consensus rules. The fact that a patch existed before the exploit raises the question of whether users and node operators were adequately informed about the risk during that four-week window.

The credibility gap between the foundation's public statement and the documented commit history has broader implications. In cryptocurrency systems, trust depends heavily on the perceived integrity of development teams and their commitment to public disclosure of vulnerabilities. When a fix is deployed privately while the public characterization frames an attack as an unavoidable zero-day, it complicates the ecosystem's ability to assess genuine risk and respond appropriately. The incident puts pressure on how cryptocurrency foundations manage the balance between responsible disclosure timelines and transparency obligations to their user base.