Skip to content

Instantly share code, notes, and snippets.

@ilyar
Created July 10, 2026 04:48
Show Gist options
  • Select an option

  • Save ilyar/0a67716c0b788337190e27f5f68dd72e to your computer and use it in GitHub Desktop.

Select an option

Save ilyar/0a67716c0b788337190e27f5f68dd72e to your computer and use it in GitHub Desktop.

Mimblewimble status in July 2026: active networks after three implementation failures

Status date: July 10, 2026

Litecoin MWEB, Grin, and Beam remain operational, and all three projects shipped new code in 2026. The same year also exposed serious implementation faults that could affect coin supply. Litecoin's fault was exploited on mainnet. Grin and Beam reported no evidence of exploitation, although Beam cannot yet prove historical supply integrity because legacy output values are private.123

Mimblewimble is not a network, company, or token. It is a transaction architecture implemented differently by each project. Its status therefore depends on the client, software version, incident history, network usage, and access through custodial services.

On July 10, 2026, the networks are active and the code is maintained. Use remains niche. Recent failures affected consensus validation and cryptographic code.

The Binance Academy article updated on June 25, 2026 still works as an introduction to Confidential Transactions, cut-through, Grin, Beam, and Litecoin MWEB. It is incomplete as a security status report. It does not cover the March and April Litecoin incidents or the March Grin disclosure, and it predates Beam's July 1 emergency hard fork.4123

Status by implementation

Implementation Network status on July 10, 2026 Latest release 2026 incident
Litecoin MWEB Active. A July 10 snapshot at 01:49 UTC showed 337,476.31788255 LTC in MWEB and 294 MWEB transactions during the previous 24 hours Litecoin Core 0.21.5.5, released May 6, 2026 A mainnet inflation exploit in March, followed by a 13-block invalid chain and reorganization in April
Grin Mainnet active and releases continuing Grin 5.5.0, released June 16, 2026 Three combined bugs could let a miner inflate supply. The project reported no evidence of use
Beam Network active after emergency hard fork HF6 Groovy Gluon 7.5.14493, released July 1, 2026 A Bulletproofs implementation error could permit a negative-value output and unauthorized supply creation

The release dates and Litecoin usage snapshot come from the project release pages and MWEB Explorer.5678

Litecoin MWEB: the exploit occurred on mainnet

In March 2026, Litecoin developers found a validation bug in MWEB inputs. A malicious block producer could supply metadata that did not match the MWEB UTXO being spent. Normal mempool and block-building paths performed part of the required validation, but block connection did not fully revalidate the supplied metadata.1

The flaw had already been used. At block height 3,073,882, an attacker created an inflated peg-out of 85,034.47285734 LTC. Miners temporarily froze the three transparent outputs that received the funds. The actor later signed a recovery transaction that returned the funds except for an agreed 850 LTC bounty. Charlie Lee purchased another 850 LTC to restore the full amount. The complete 85,034.47285734 LTC was then pegged back into MWEB, and the resulting MWEB output was frozen to restore MWEB's internal balance.1

A second actor or tester tried the original exploit path in April. Upgraded nodes rejected the invalid block, but mutated MWEB block data caused some mining RPC calls to hang. Unupgraded miners continued the invalid chain for 13 blocks. Upgraded pools later extended the valid chain until it overtook the invalid one, causing a reorganization. The Litecoin postmortem says NEAR Intents processed an 11,000 LTC swap from the invalid chain and THORChain processed a 10 LTC swap before the reorganization.1

Litecoin Core 0.21.5.5 added more MWEB input validation, checks for peg-ins and related state, safer amount and fee arithmetic, and better handling of mutated or invalid MWEB block data. The release page urges node operators and wallet users to upgrade, with particular emphasis on miners, pools, and MWEB users.5

MWEB is still used. MWEB Explorer showed a balance of 337,476.31788255 LTC and 294 MWEB transactions over the previous 24 hours at 01:49 UTC on July 10, 2026.6 That usage does not erase the incident. MWEB experienced an exploited consensus validation failure and then required coordinated miner action during the April invalid-chain event.

Litecoin MWEB is a live mainnet feature after a serious incident. Nodes and wallets should run Litecoin Core 0.21.5.5 or a later release.

Grin: an inflation path with no reported exploitation

Grin 5.4.0 fixed three bugs that became dangerous when combined:

  • commit_parse() discarded the return value from the C library and returned success for invalid input.
  • A parse failure left an uninitialized output buffer.
  • LLVM reused the same stack slot across loop iterations in release builds, allowing a failed parse to inherit the previous valid elliptic-curve point.

A miner could place 33 arbitrary bytes in a block as a fake output. A later block could spend that ghost output together with a real output. If the real commitment was parsed first, the failed ghost parse could reuse the same point, causing the input sum to count the real value twice. The attacker could then create a spendable output with an inflated value.2

Project participants said a scan of the full block history on archive nodes found no matching blocks. They also said the attack required mining a block, affected the vulnerable Rust stack, and should have been rejected by Grin++ nodes. These statements come from project participants in the Grin forum, not from a published independent audit.2

The forum also records that Grin council members approved a $70,000 payment to the researcher who privately reported the flaw.9

Grin 5.5.0 was released on June 16, 2026. Its release notes list a PIBD peer fix and corrected TUI server startup and shutdown handling.7

Grin's mainnet remains active. The disclosed inflation path is closed in updated clients, and the project reports no evidence that it was used.

Beam: emergency HF6 and an unresolved supply question

Beam developers received a private report on June 13, 2026 describing a flaw in Beam's Bulletproofs implementation. They fixed the code in a non-public branch, contacted major mining pools and exchanges, and activated HF6 at block 3,928,666. Release 7.5.14493 followed on July 1.38

The flaw was in the Fiat-Shamir transcript for the inner-product argument. The implementation obtained a challenge before exposing the corresponding L and R points, reversing the required order. The final L and R points were therefore not bound by a later challenge and could be modified after the other calculations. In theory, an attacker could construct an output with a negative amount and use it to balance another output with a positive amount, creating unauthorized supply.3

Beam's developers assess prior exploitation as unlikely. They scanned the blockchain history and found no pattern from a naive attack. That scan is not a proof of historical supply integrity. Beam's privacy model hides the values of legacy outputs, so the chain does not allow a direct public recount of those values.3

The team proposed a process called lustration. When a legacy output is spent for the first time, its amount and asset type would be disclosed once while the owner remained hidden. Nodes could track the disclosed totals and reject supply above the calculated maximum. Later transfers would return to normal privacy rules. On July 10, this remained a proposal and would require another network upgrade.3

Beam is active on HF6, and the known flaw is patched in version 7.5.14493. The project has not yet produced a cryptographic proof that the flaw was never used before the fork.

The reports do not show a common cryptographic break

The three incidents have different causes:

  • Litecoin MWEB failed to revalidate input metadata during block connection and later mishandled mutated block data.
  • Grin combined an ignored FFI error, uninitialized memory, and compiler stack-slot reuse.
  • Beam ordered elements incorrectly in a Bulletproofs Fiat-Shamir transcript.

These reports do not describe one attack against Mimblewimble's base algebra. They describe failures in separate implementations and code paths. That distinction does not make the incidents minor. Three supply-related failures across the main projects in one year show that the implementations were less mature than their age might suggest.

Privacy does not mean guaranteed anonymity

Mimblewimble hides transaction amounts, avoids ordinary reusable addresses, and removes intermediate history through cut-through. Those properties reduce the data available to a chain observer. They do not prevent every form of analysis.

A party that observes peer-to-peer traffic before transactions are aggregated may be able to reconstruct part of the transaction graph in some implementations. The Binance Academy article mentions this limitation.4

Litecoin peg-ins and peg-outs remain visible on the transparent chain. MWEB Explorer states that MWEB use is visible while internal details remain hidden.6 MWEB therefore provides more privacy than a normal Litecoin transaction, but it does not guarantee that a user cannot be traced through network data, timing, exchange records, or repeated behavior.

European Union rules from July 10, 2027

Regulation (EU) 2024/1624 applies from July 10, 2027. Article 79 prohibits credit institutions, financial institutions, and crypto-asset service providers from keeping anonymous crypto-asset accounts or accounts that allow anonymization of the holder or increased obfuscation of transactions, including through anonymity-enhancing coins.10

The regulation defines an "anonymity-enhancing coin" as a crypto-asset with built-in features designed to make transfer information anonymous, either systematically or optionally. Optional privacy therefore falls within the wording of the definition.10

The text targets regulated account providers rather than the protocol itself. Recital 160 says the prohibition does not apply to hardware and software providers or providers of self-hosted wallets when they do not have access to or control over the wallets.10 How supervisors apply the rule to a specific MWEB service will depend on the service design and later guidance.

Operational status

On July 10, 2026, Mimblewimble remains deployed in live networks. Developers still maintain the code, and users still make real transactions. Use is narrow, and the 2026 incidents make a low implementation-risk assessment hard to defend.

Current operators should use Litecoin Core 0.21.5.5 or later, Grin 5.5.0, and Beam 7.5.14493. A user should send an MWEB deposit to an exchange or other custodian only when that service explicitly lists MWEB as a supported deposit network.

The networks are active. The 2026 incidents were separate implementation failures rather than one common cryptographic break. Security still depends on the exact client, version, network upgrade rules, and code review behind each implementation.

Sources

Footnotes

  1. David Burkett, Litecoin Foundation, "Litecoin MWEB Security Incident Postmortem", April 28, 2026. 2 3 4 5

  2. Grin Forum, "New grin release 5.4.0 - important stability improvements", March 10-29, 2026. 2 3 4

  3. Beam, "Hard Fork Six", July 1, 2026. 2 3 4 5 6

  4. Binance Academy, "What Is Mimblewimble?", updated June 25, 2026. 2

  5. Litecoin Project, "Litecoin Core v0.21.5.5", May 6, 2026. 2

  6. MWEB Explorer, Litecoin MWEB statistics checked July 10, 2026 at 01:49 UTC. 2 3

  7. Grin Project, "v5.5.0", June 16, 2026. 2

  8. BeamMW, "HOTFIX - Groovy Gluon 7.5.14493", July 1, 2026. 2

  9. Grin Forum, "New grin release 5.4.0 - important stability improvements," page 2, April 12, 2026.

  10. European Union, Regulation (EU) 2024/1624, Articles 3, 79, and 90, and recital 160. 2 3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment