Hacker Attack Halves Flow, Rollback Plan Sparks Civil War in Ecosystem

Author | Asher(@Asher_ 0210)

Last Saturday afternoon, a sudden hacker attack threw the Flow network into chaos. This Layer 1 network, built by the Dapper Labs team and tailored for the next generation of applications, games, and digital assets, watched helplessly as assets worth $3.9 million were transferred off-chain by exploiting an execution layer vulnerability. Following the attack, its token FLOW was halved in a short time, plummeting from $0.173 to $0.079, and has since rebounded slightly to around $0.107.

FLOW K-Line Chart

Below, Odaily Planet Daily breaks down this Flow theft incident, the official response, and why it has drawn strong skepticism from Flow's partners and community.

Flow Official Emergency Response: Isolate Network and Announce Rollback Plan

After the attack, the Flow Foundation quickly responded and confirmed the details of the incident. The attacker exploited an execution layer vulnerability to transfer approximately $3.9 million in assets; the incident did not affect users' existing balances, and user deposits remain safe. The relevant attack addresses have been marked, and money laundering paths are being continuously tracked. The Foundation has submitted asset freeze requests to Circle, Tether, and several major exchanges.

To clean up illegal on-chain transactions and fix the vulnerability, the Flow Foundation isolated the network and released a patched version of the mainnet, Mainnet 28. The Foundation's initial proposed solution was to roll back the network state to a checkpoint before the attack, specifically to Cadence block height 137363395, thereby deleting all transaction records generated within approximately 6 hours. All transactions, whether legitimate or not, would be erased together, and users would need to resubmit transactions after node restarts. The Foundation believed this plan was the safest path to restore network integrity, repeatedly emphasized that user funds would not be affected throughout the process, and promised to provide external updates on the incident's progress every two hours.

This rollback decision, seemingly decisive, quickly ignited an ecological firestorm—because the hacker's funds had already been bridged off-chain, the rollback would not affect the attacker but would only impact honest users and partners.

Cross-Chain Bridge Partners, Community Users Strongly Oppose, Rollback Plan Heavily Criticized

After the rollback plan was announced, cross-chain bridge partners within the Flow ecosystem and community users quickly faced collective skepticism. Alex Smirnov, co-founder of deBridge, a major cross-chain bridge partner of Flow, publicly criticized the decision on platform X as too hasty and made without any communication with key bridge partners beforehand. As a crucial asset channel for the Flow ecosystem, deBridge did not receive any advance notice regarding the rollback.

Smirnov pointed out that the potential damage from a rollback could far exceed that of the initial hacker attack itself. Since cross-chain assets are already circulated across multiple systems, a forced rollback would cause serious issues such as asset duplication and inconsistent custody states, ultimately harming the bridges, users, and counterparties who operated normally during the window. He disclosed that approximately $200,000 and $50,000 in deposits on deBridge fell within the rollback time window; once the rollback is executed, it could lead to funds disappearing on one side or the extreme scenario of assets being minted repeatedly.

Based on these risks, Smirnov called on Flow validators to suspend block production and validation until compensation plans, partner coordination mechanisms, and independent security team intervention plans are all clarified. Similar issues are not isolated cases. As the main cross-chain custodian for USDC on the Flow network, LayerZero also faces risks with approximately $220,000 and $180,000 in cross-chain transactions falling within the rollback window.

Beyond cross-chain bridge partners within the Flow ecosystem, users on platform X began to集中 express concerns about fund safety, developers questioned the network's reliability and governance mechanisms in extreme situations, investor sentiment turned cautious, and selling pressure intensified accordingly. Many voices pointed out that the rollback itself exposed the reality of centralized control on the chain, rapidly turning a technical accident into a crisis of trust.

Some community views further targeted the core principles of blockchain. Some argued that the rollback directly shook transaction finality and immutability, making Flow resemble an alliance chain subject to administrative intervention at critical moments. Others compared it to historical security incidents on other public chains, noting that similar situations are usually handled by isolating attacker addresses and freezing fund flows, rather than performing a global rollback of the entire network state.

Crypto KOL Wazz(@WazzCrypto) stated bluntly on platform X that Flow's rollback decision was one of the worst handling methods he had ever seen. In his view, the attacker had already transferred nearly $4 million in assets off-chain and would hardly be substantively affected by the rollback; the real cost would be borne by innocent users who used the network normally via cross-chain bridges.

Flow Official Changes Stance: Abandons Rollback, Adopts Isolated Recovery New Plan

Facing strong opposition from partners and the community, the Flow official ultimately decided to abandon the network rollback and shift to an "Isolated Recovery Plan." This plan was developed through direct consultation with cross-chain bridges, exchanges, and infrastructure partners. Key points include:

• No rollback/reorganization, preserving all legitimate user activity;
• No need for partners to replay transactions;
• Over 99.9% of accounts unaffected, normal operation upon restart;
• Temporary restriction of accounts receiving illegally minted tokens upon restart;

Additionally, the network will be restored in phases:

• Phase 1: Cadence environment goes online, EVM temporarily restricted;
• Phase 2: Cadence repair (approximately 24 to 48 hours);
• Phase 3: EVM repair and restart;
• Phase 4: Cross-chain bridges/exchanges resume operation, specific recovery time determined by operators based on actual conditions after confirming stability.

Furthermore, Dapper Labs, the team behind Flow, expressed support for this plan on platform X, stating it "preserves legitimate activity and provides a clear path to recovery."

This "abandon rollback" stance alleviated ecological tensions in the short term and avoided the systemic risk扩散 that a rollback might have triggered. As of now, the network is still in the phased coordination and recovery process, and officials state that user funds remain safe.

In the highly uncertain environment of the crypto market, this crisis may become a significant watershed in Flow's development path. Its long-term impact remains to be tested by time.