星球日报|1月 06, 2026 16:47
[Flow Releases Technical Review Report on Security Incident of December 27, 2025]
Odaily Planet Daily News – On December 27, 2025, the Flow network experienced an attack targeting a type confusion vulnerability in the Cadence virtual machine, resulting in the illegal minting of tokens. The attacker exploited a complex 'three-part vulnerability chain' to bypass resource linear guarantees, disguising resource objects as structs for duplication. The incident caused approximately $3.9 million in actual economic losses, with funds flowing out through cross-chain bridges such as Celer and deBridge. According to Flow's monitoring, the attacker created a total of 87.96 billion FLOW tokens and various other tokens, of which 1.094 billion FLOW were transferred to centralized exchanges. Thanks to validators shutting down the network in time and collaborating with OKX, Gate.io, MEXC, and others, about 98.7% of the illicit assets have been frozen on-chain or at exchanges, and approximately 484 million FLOW tokens have been destroyed. The network was restored on December 29 through an 'Isolation Recovery Plan,' and a comprehensive patch covering parameter validation, runtime checks, and contract deployment logic has now been deployed.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink