Litecoin's privacy layer was attacked using a vulnerability that had been patched in private 37 days earlier - cross-chain swaps lost ~$600,000
Litecoin's privacy add-on, called MWEB, was attacked over the weekend in a way that forced the network to rewind 13 blocks of history (about 32 minutes) to undo invalid transactions. The interesting part for non-crypto people: developers had quietly fixed the bug between March 19 and 26 but never required mining pools to actually deploy the fix. Some pools updated, some didn't. Attackers waited 37 days and exploited the gap between patched and unpatched nodes, draining roughly $600,000 from cross-chain swap protocols including NEAR Intents. The pattern - quiet fix followed by slow rollout - is the same coordination failure that bites every distributed system, not just blockchains.
- Check: Audit your patch coordination process: when a critical vulnerability is privately fixed, do you require all affected operators to deploy it or just publish the fix and hope?
- Affected: Distributed systems where some nodes can be patched while others continue running vulnerable code without breaking the network - blockchains, federated services, mesh networks, multi-tenant SaaS with on-prem agents. Cross-chain bridges and DEX protocols are exposed when one chain's nodes disagree about transaction validity.
- Fix: When shipping a critical patch, treat 'we shipped the fix' and 'all affected operators deployed it' as separate milestones with separate metrics. For products you depend on, watch for vendor advisories that mention private fixes shipped earlier than the public disclosure. Monitor cross-chain exposure if your treasury or DeFi positions touch Litecoin or related protocols. Check that vendors have a process for requiring updates.
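One way to keep the two milestones apart is to compute deployment coverage from operator-reported versions instead of from the release date. This is an added example, not code from the page or from any project it mentions; the operator names, version numbers, dates and the 95% threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Operator:
    name: str
    share: float             # fraction of network capacity this operator controls
    version: Optional[str]   # last self-reported version; None = no report

def parse_version(text):
    """Parse a dotted numeric version; return None if it cannot be compared."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None

def rollout_status(operators, fixed_version, fix_shipped, today, required_share=0.95):
    """Milestone 1 is fix_shipped; milestone 2 is reached only when 'deployed' is True."""
    fixed = parse_version(fixed_version)
    patched = exposed = 0.0
    lagging = []
    for op in operators:
        seen = parse_version(op.version)
        if seen is not None and seen >= fixed:
            patched += op.share
        else:
            # Old, missing and unparsable versions all count as exposed.
            exposed += op.share
            lagging.append(op.name)
    return {
        "days_since_fix_shipped": (today - fix_shipped).days,
        "patched_share": round(patched, 4),
        "exposed_share": round(exposed, 4),
        "lagging": sorted(lagging),
        "deployed": patched >= required_share,
    }

# Constructed sample data: names, versions and dates are hypothetical.
SAMPLE_OPERATORS = [
    Operator("pool-a", 0.40, "1.2.5"),
    Operator("pool-b", 0.25, "1.2.4"),         # still on the vulnerable release
    Operator("pool-c", 0.15, None),            # never reported a version
    Operator("pool-d", 0.10, "1.3.0"),
    Operator("pool-e", 0.10, "custom-build"),  # cannot be verified as patched
]

if __name__ == "__main__":
    print(rollout_status(SAMPLE_OPERATORS, "1.2.5", date(2025, 1, 1), date(2025, 2, 7)))
```

Operators that do not report, or report something that cannot be compared, are counted as exposed, so the deployed milestone cannot be reached by silence.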