Flow details December exploit that led to $3.9M in losses due to counterfeit tokens

1 month ago

The Flow Foundation on Tuesday published a technical post-mortem detailing a protocol-level exploit that occurred on Dec. 27, when an attacker was able to counterfeit tokens on the network, resulting in about $3.9 million in confirmed losses before the exploit was contained.

According to the report, the attacker exploited a flaw in Flow’s Cadence runtime that allowed certain assets to be duplicated rather than minted, bypassing supply controls without accessing or draining existing user balances. Validators coordinated a network halt within six hours of the initial malicious transaction, while exchange partners froze most counterfeit assets before they could be sold.

Flow said the temporary halt placed the network into a read-only mode to sever exit paths and prevent further duplication while the issue was investigated. Operations resumed two days later under an “isolated recovery” plan that preserved legitimate transaction history and authorized the recovery and permanent destruction of counterfeit assets through a governance-approved process.

The Flow Foundation, which supports the Flow network, said no existing user balances were compromised, as the exploit duplicated assets rather than removing funds from accounts. A limited number of accounts that interacted with counterfeit tokens were temporarily restricted as a precaution, while more than 99% of accounts retained full access during and after the recovery.

While the attacker generated a large volume of counterfeit tokens onchain, Flow said the vast majority were contained or frozen before liquidation.

The Foundation said it has since patched the underlying vulnerability, added stricter runtime checks and expanded regression testing to prevent similar exploits. It also is working with forensic partners and law enforcement and plans to strengthen monitoring and bug-bounty programs as part of broader security hardening.

Flow’s post-NFT downturn

Dapper Labs, the creators of the non-fungible token project CryptoKitties, announced the development of Flow in September 2019 as a new layer 1 blockchain designed to address scalability challenges facing consumer applications such as games and digital collectibles.

Early success with NBA Top Shot, an NFT platform for trading officially licensed NBA video highlights, helped bring mainstream attention to the Flow blockchain in 2020 and 2021. Against this backdrop, the network’s FLOW token surged past $40 in 2021, according to data from CoinGecko.

Flow’s momentum carried into 2022, when the project raised about $725 million from investors, including Andreessen Horowitz (a16z) and Union Square Ventures, to support ecosystem development.

As activity across the NFT market cooled in the years that followed, the FLOW token also lost momentum and has since fallen outside the top 300 cryptocurrencies by market capitalization.

The decline accelerated following the Dec. 27 hack, when FLOW plunged by about 40% over five hours.

The token later slid to a low of $0.075 on Jan. 2 before beginning to recover. It was trading near $0.10 at the time of writing, up about 16% over the past 24 hours, according to Cointelegraph data.
