On December 27, 2025, the Flow network suffered an attack targeting a Cadence virtual machine type obfuscation vulnerability, resulting in the illegal issuance of tokens. Attackers exploited a complex "three-part vulnerability chain" to bypass resource linearity guarantees, disguising resource objects as structures for duplication. The incident caused approximately $3.9 million in actual economic losses, with funds flowing out through cross-chain bridges such as Celer and deBridge. According to Flow monitoring, the attackers created a total of 87.96 billion FLOW tokens and various other tokens, of which 1.094 billion FLOW tokens were transferred to centralized exchanges. Thanks to the validators' timely shutdown and cooperation with OKX, Gate.io, and MEXC, approximately 98.7% of the illicit assets were frozen on-chain or on exchanges, and approximately 484 million FLOW tokens were destroyed. The network was restored on December 29 through the "Isolation Recovery Plan," and comprehensive patches covering parameter validation, runtime checks, and contract deployment logic have been deployed.
Flow released its technical recap report on the security incident on December 27, 2025.
2026-01-06 16:46:16
Share
Disclaimer: This article is copyrighted by the original author and does not represent MyToken’s views and positions. If you have any questions regarding content or copyright, please contact us.(www.mytokencap.com)contact
About MyToken:https://www.mytokencap.com/en/aboutusArticle Link:https://www.mytokencap.com/en/choicenews/2963893.html