Hacker Attack Cuts Flow in Half, Rollback Plan Sparks Civil War Within Ecosystem

Original | Odaily Planet Daily (@OdailyChina)

Author | Asher (@Asher_ 0210)

Last Saturday afternoon, a sudden hacker attack threw the Flow network into chaos. This Layer 1 network, built by the Dapper Labs team and tailored for the next generation of applications, games, and digital assets, watched helplessly as assets worth $3.9 million were transferred off-chain due to an exploited execution layer vulnerability. Following the attack, its token FLOW was temporarily cut in half, plummeting from $0.173 to $0.079, and has since rebounded slightly to around $0.107.

FLOW K-Line Chart

Below, Odaily Planet Daily breaks down this Flow theft incident, the official response, and why it has sparked strong质疑 (questioning/doubts) from Flow's partners and community.

Flow Official Emergency Response: Isolate Network, and Announce Rollback Plan

After the attack, the Flow Foundation quickly responded and confirmed the details of the incident. The attacker exploited an execution layer vulnerability to transfer approximately $3.9 million in assets; the incident did not affect users' existing balances, and user deposits remain safe. The relevant attack addresses have been marked, money laundering paths are being continuously tracked, and the Foundation has submitted asset freeze requests to Circle, Tether, and several major exchanges.

To clean up illegal on-chain transactions and repair the vulnerability, the Flow Foundation isolated the network and simultaneously published Mainnet 28, a patched version for the mainnet vulnerability. The Foundation's initial proposed solution was to roll back the network state to a checkpoint before the attack, specifically to Cadence block height 137363395, thereby deleting all transaction records generated within approximately a 6-hour window. Regardless of whether the transactions were legitimate, they would all be erased, and users would need to resubmit transactions after node restart. The Foundation believed this plan was the safest path to restore network integrity, repeatedly emphasized that user funds would not be affected throughout the process, and promised to provide external updates on progress every two hours.

This rollback decision, seemingly decisive, quickly ignited an ecosystem firestorm—because the hacker's funds had already been bridged off-chain, the rollback would not affect the attacker but would only impact honest users and partners.

Cross-Chain Bridge Partners, Community Users Strongly Oppose, Rollback Plan Heavily Criticized

After the rollback plan was announced, cross-chain bridge partners within the Flow ecosystem and community users quickly faced collective质疑 (questioning/doubts). Alex Smirnov, co-founder of deBridge, a major cross-chain bridge partner for Flow, publicly criticized the decision on platform X as too hasty and stated that no prior communication had been made with key bridge partners beforehand. As a crucial asset channel for the Flow ecosystem, deBridge did not receive any advance notice regarding the rollback.

Smirnov pointed out that the potential damage from a rollback could far exceed that of the initial hack itself. Since cross-chain assets had already circulated across multiple systems, a forced rollback would cause serious issues like asset duplication and inconsistent custodial states, ultimately harming the bridges, users, and counterparties who operated normally during the window. He disclosed that approximately $200,000 and $50,000 in deposits on deBridge fell within the rollback time window; once the rollback was executed, it could lead to funds disappearing on one side or the extreme case of assets being double-minted.

Based on these risks, Smirnov called on Flow validators to suspend block production and validation until compensation plans, partner coordination mechanisms, and plans for independent security team involvement were all clarified. Similar issues were not isolated cases. As the main cross-chain custodian for USDC on the Flow network, LayerZero also faced risks with approximately $220,000 and $180,000 in cross-chain transactions falling within the rollback window.

Beyond cross-chain bridge partners within the Flow ecosystem, users on platform X began集中 (concentratedly) expressing concerns about fund safety, developers questioned the network's reliability and governance mechanisms under extreme circumstances, investor sentiment turned cautious accordingly, and selling pressure intensified. A significant number of voices directly pointed out that the rollback itself exposed the reality of centralized control on the chain, rapidly turning a technical incident into a crisis of trust.

Some community views further targeted the core principles of blockchain. Some argued that the rollback directly shook transaction finality and immutability, making Flow resemble an alliance chain subject to administrative intervention at a critical moment. Others compared it to historical security incidents on other public chains, pointing out that similar situations are usually handled by isolating attacker addresses and freezing fund flows, rather than performing a global rollback of the entire network state.

Crypto KOL Wazz (@WazzCrypto) stated bluntly on platform X that Flow's rollback decision was one of the worst handling methods he had ever seen. In his view, the attacker had already transferred nearly $4 million in assets off-chain and would hardly be substantively affected by the rollback; the real cost would instead be borne by innocent users who used the network normally via cross-chain bridges.

Flow Official Changes Stance: Abandons Rollback, Adopts New Isolation Recovery Plan

Facing strong opposition from partners and the community, the Flow official team ultimately decided to abandon the network rollback and shift to an "Isolation Recovery Plan". This plan was developed through direct consultation with cross-chain bridges, exchanges, and infrastructure partners. Key points include:

• No rollback/reorganization, preserving all legitimate user activity;
• No need for partners to replay transactions;
• Over 99.9% of accounts unaffected, normal operation upon restart;
• Temporary restriction of accounts that received illegally minted tokens upon restart;

Furthermore, the network will be restored in phases:

• Phase 1: Cadence environment goes online, EVM temporarily restricted;
• Phase 2: Cadence repair (approx. 24 to 48 hours);
• Phase 3: EVM repair and restart;
• Phase 4: Cross-chain bridges/exchanges resume operation, specific recovery time determined by operators based on actual conditions after confirming stability.

Additionally, Dapper Labs, the team behind Flow, expressed support for this plan on platform X, stating it "preserves legitimate activity and provides a clear path to recovery".

This "abandon rollback" stance alleviated ecosystem tensions in the short term and avoided the systemic risk扩散 (spread/proliferation) a rollback might have caused. As of now, the network is still in a phased coordination and recovery process, with officials stating user funds remain safe.

In the highly uncertain environment of the crypto market, this crisis may become a significant watershed in Flow's development path. Its long-term impact remains to be tested by time.