FLOW coin plummets over 40%! How did a security incident on the Flow blockchain network trigger a storm of chaos?

Flow blockchain suffers attack with a loss of $3.9 million, causing the token price to plummet over 40%. The official plan to rollback records has triggered backlash from partners, and Korean exchanges have also issued risk warnings.

Flow blockchain reveals cybersecurity incident, losing $3.9 million

Developed by Dapper Labs, the creator of NBA Top Shot, the Flow blockchain experienced a major cybersecurity breach over the weekend, causing the native token $FLOW to drop more than 40% in a single day, from about $0.17 to around $0.10, sparking market panic.

Image source: CoinMarketCap Flow blockchain cybersecurity incident, FLOW token plunges over 40%

On-chain analyst Wazz pointed out that the attacker used a wallet created about six months ago to maliciously mint millions of WFLOW tokens via a proxy contract.

Moreover, the method used to attack the Flow blockchain was not due to a smart contract code vulnerability but rather the leakage of official private keys.

Blockchain security expert Taylor Monahan stated that, the attacker exploited this vulnerability to mint FLOW tokens as well as bridged assets like WBTC, WETH, and stablecoins, with estimated losses reaching up to $3.9 million.

Flow plans to freeze assets and perform a rollback to recover losses

The Flow Foundation subsequently confirmed the attack. Currently, the stolen funds on the Flow blockchain have been moved out via cross-chain bridges such as Celer and Debridge, and are being laundered through protocols like Thorchain.

The Flow blockchain has urgently paused all fund withdrawal channels and has requested exchanges like Circle and Tether to freeze the assets in an attempt to intercept the stolen funds.

Image source: X Flow cybersecurity incident, loss of $3.9 million

Flow’s plan to rollback records lacked communication, causing partner backlash

To correct the transaction records exploited by hackers, the Flow Foundation initially planned to rollback the blockchain transaction history to a point before the attack and issued a statement saying that all transactions submitted during the affected period would not be retained, and the network would be restored to a checkpoint prior to the vulnerability being exploited.

However, this proposal triggered backlash from the community and partners. Alex Smirnov, co-founder of cross-chain bridge protocol deBridge, revealed that the Flow team did not communicate with major ecosystem partners before deciding to rollback, which caught many partners off guard.

Smirnov criticized that since the attacker had already transferred the stolen funds out of the Flow blockchain, performing a rollback would not punish the hacker but instead cause innocent users, liquidity providers, and exchanges operating during that period to suffer losses.

Both deBridge and LayerZero, another cross-chain protocol, advocate that the official should adopt targeted hard forks to fix the vulnerability and blacklist the hacker’s address, rather than crudely rolling back the entire chain history.

In response to external criticism, the Flow Foundation later announced that they would extend the consultation period to carefully evaluate feedback from all parties.

Image source: X Flow’s lack of communication regarding the rollback plan caused partner backlash, now they say they will reconsider

Korean exchanges take emergency measures, issue investment risk warnings

Following the cybersecurity incident on the Flow blockchain, major Korean cryptocurrency exchanges Upbit and Bithumb quickly suspended deposit and withdrawal services for FLOW tokens.

Additionally, the Digital Asset Exchange Alliance (DAXA), composed of Korea’s five major crypto exchanges, also issued an official trading risk warning.

DAXA stated that, depending on how the situation develops, further protective measures may be taken. If the risk continues to escalate, trading restrictions or even termination of support for the token are not ruled out to protect investors’ rights.

Further reading:
2025 to become the darkest year for crypto crime! Hackers steal $6.5 billion, with many cases led by North Korea