todayonchain.com

Flow Details December Exploit that Led to $3.9M in Counterfeit Token Losses

Cointelegraph
Flow detailed a December 27 exploit in which a flaw in the Cadence runtime allowed an attacker to counterfeit $3.9M in tokens.

Summary

The Flow Foundation released a post-mortem on a protocol-level exploit from December 27, in which an attacker used a flaw in Flow’s Cadence runtime to duplicate assets, resulting in approximately $3.9 million in losses from counterfeit tokens. Because the attacker duplicated assets rather than minting them, the exploit bypassed supply controls, though no existing user balances were drained. Validators halted the network within six hours, and exchanges froze most counterfeit assets before they could be sold. The network resumed operations two days later under an "isolated recovery" plan that preserved legitimate history and allowed for the destruction of counterfeit assets via governance. Flow has since patched the vulnerability and enhanced runtime checks, and it plans to strengthen monitoring and bug-bounty programs. The FLOW token plunged nearly 40% immediately following the incident.

(Source: Cointelegraph)