Protocol flaw led to asset duplication, network halt, and governance-led recovery
The Flow Foundation has released a detailed breakdown of a December 27 protocol-level exploit that resulted in approximately $3.9 million in confirmed losses. The incident stemmed from a technical flaw that allowed counterfeit tokens to be duplicated on the network before being contained.
According to the post-mortem, the attacker exploited a vulnerability in Flow’s Cadence runtime. The flaw allowed certain assets to be duplicated instead of properly minted, bypassing supply controls. Importantly, the exploit did not drain or access existing user balances, but instead created illegitimate assets onchain.
Validators coordinated a network halt within six hours of the first malicious transaction. The blockchain was placed into read-only mode to block exit paths and prevent further duplication while the issue was investigated.
Containment and Recovery Process
Operations resumed two days later under an isolated recovery plan. Through a governance-approved process, counterfeit assets were recovered and permanently destroyed. Exchange partners froze most illicit tokens before liquidation, and over 99% of accounts retained full access throughout the incident.
Flow has since patched the vulnerability, implemented stricter runtime checks, and expanded regression testing. The foundation is also enhancing monitoring, bug bounty programs, and forensic collaboration to reduce the risk of similar exploits going forward.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.