
On Tuesday, the Flow Foundation released a technical report on a serious exploit carried out on December 27, which enabled the counterfeiting of tokens on its network and caused approximately $3.9 million in losses before it was contained.
The report indicated that the attacker took advantage of a defect in Flow’s Cadence runtime that allowed assets to be duplicated rather than properly minted, circumventing the established supply controls without touching existing user balances. Validators halted the network within six hours of the initial malicious transaction, while trading partners ensured that most counterfeit tokens were frozen prior to sale.
Following the attack, Flow placed the network in read-only mode to stop any further duplication while it investigated the issue. Operations resumed two days later under an isolated recovery plan that preserved genuine transaction records and permitted the recovery and destruction of duplicated assets through a governance-sanctioned method.
Source: Flow Blockchain
The Flow Foundation said that user balances were secure, as the exploit resulted only in asset duplication rather than the withdrawal of funds from accounts. A small number of accounts that interacted with counterfeit tokens were briefly restricted as a precaution, yet over 99% of accounts maintained full access throughout and after the recovery process.
While a significant volume of counterfeit tokens was generated on-chain, Flow confirmed that most were contained or frozen before being liquidated.
The Foundation has addressed the vulnerabilities that were exploited by implementing stricter runtime verification and enhancing regression testing to avert future breaches. Additionally, it is collaborating with forensic specialists and law enforcement, and is looking to bolster its monitoring and bug-bounty initiatives as part of an extensive security enhancement effort.
Flow’s NFT Market Decline
Dapper Labs, known for creating the CryptoKitties NFT project, announced Flow’s launch in September 2019, intending to tackle scalability issues encountered by consumer applications like games and digital collectibles.
Initial successes with NBA Top Shot, an NFT platform for officially licensed NBA video highlights, drew mainstream interest to the Flow blockchain during 2020 and 2021. As a result, the FLOW token exceeded $40 in 2021, according to reports from CoinGecko.
However, as activity in the NFT market declined in subsequent years, the FLOW token followed suit, losing ground and dropping out of the top 300 cryptocurrencies by market capitalization.
The situation worsened following the December 27 breach, with the FLOW token dropping roughly 40% in just five hours. It ultimately reached a low of $0.075 on January 2 before starting to recover, trading close to $0.10 at the time of this report, marking an increase of about 16% over the past day.
