Flow Details December Exploit that Led to $3.9M in Counterfeit Token Losses


The Flow Foundation published a technical postmortem on Tuesday detailing a protocol-level exploit that occurred on December 27, when an attacker was able to create fake tokens on the network, resulting in the loss of approximately $3.9 million before the exploit was contained.

According to the report, the attacker exploited a flaw in Flow’s Cadence runtime that allowed certain assets to be duplicated instead of minted, bypassing supply controls without accessing or depleting existing user balances. Validators coordinated a halt of the network within six hours of the first malicious transaction, while exchange partners froze most of the counterfeit assets before they could be sold.

Flow said the temporary halt put the network in read-only mode to isolate exit paths and prevent further duplication while the incident was investigated. Operations resumed two days later under a “separated recovery” plan, which preserved legitimate transaction history and authorized the recovery and permanent destruction of counterfeit assets through a regime-approved process.


The Flow Foundation, which supports the Flow network, said that no existing user balances were compromised, because the exploit duplicated assets rather than withdrawing funds from accounts. A limited number of accounts that had interacted with the counterfeit tokens were temporarily banned as a precaution, while more than 99% of accounts retained full access during and after the recovery.

While the attacker generated a large number of counterfeit tokens on the chain, Flow said the vast majority were controlled or frozen before liquidation.

The foundation said it has since fixed the underlying vulnerability, added stricter runtime checks and expanded regression testing to prevent similar exploits. It is also working with forensic partners and law enforcement and plans to strengthen monitoring and bug-bounty programs as part of broader security hardening.


Flow after NFT meltdown

Dapper Labs, creator of the non-fungible token project CryptoKitties, announced the development of Flow in September 2019 as a new layer 1 blockchain designed to address the scalability challenges faced by consumer applications such as games and digital collectibles.

Early success with NBA Top Shot, an NFT platform for trading officially licensed NBA video highlights, helped bring mainstream attention to the Flow blockchain in 2020 and 2021. Against this backdrop, the network’s Flow token surged to more than $40 in 2021, according to data from CoinGecko.

Flow’s momentum continued into 2022, when the project raised approximately $725 million from investors including Andreessen Horowitz (A16Z) and Union Square Ventures to support the development of the ecosystem.

As activity in the NFT market cooled off in the following years, the Flow token also lost momentum and has since fallen out of the top 300 cryptocurrencies by market capitalization.

The decline accelerated after the December 27 hack, when Flow fell nearly 40% in five hours.

The token subsequently fell to a low of $0.075 on January 2 before recovering. At the time of writing it was trading near $0.10, up nearly 16% in the past 24 hours, according to Cointelegraph data.

