Hacker Attack Halves Flow, Rollback Plan Sparks Civil War in Ecosystem

marsbitОпубліковано о 2025-12-29Востаннє оновлено о 2025-12-29

Анотація

Flow, a Layer 1 blockchain built by Dapper Labs, suffered a major security breach last Saturday when a hacker exploited an execution layer vulnerability, transferring approximately $3.9 million in assets off-chain. The attack caused the price of FLOW to plummet by over 50%, dropping from $0.173 to $0.079, though it later partially recovered to around $0.107. Initially, the Flow Foundation proposed rolling back the network to a checkpoint before the attack occurred, which would have erased all transactions within a six-hour window. This decision was met with strong opposition from ecosystem partners, especially cross-chain bridges like deBridge and LayerZero, who warned that a rollback could cause asset duplication, inconsistencies, and significant losses for legitimate users. Facing community backlash and partner concerns, the foundation abandoned the rollback plan. Instead, it adopted an "Isolation Recovery Plan" developed in coordination with key partners. The new strategy involves no chain reorganization, preserves all legitimate user transactions, and temporarily restricts accounts that received illicitly minted tokens. The network will be restored in multiple stages, with full functionality expected within 24 to 48 hours. The incident has raised questions about network reliability and governance, shifting the crisis from a technical issue to a broader challenge of trust in Flow's decentralized integrity.

Author | Asher(@Asher_ 0210)

Last Saturday afternoon, a sudden hacker attack threw the Flow network into chaos. This Layer 1 network, built by the Dapper Labs team and tailored for the next generation of applications, games, and digital assets, watched helplessly as assets worth $3.9 million were transferred off-chain by exploiting an execution layer vulnerability. Following the attack, its token FLOW was halved in a short time, plummeting from $0.173 to $0.079, and has since rebounded slightly to around $0.107.

FLOW K-Line Chart

Below, Odaily Planet Daily breaks down this Flow theft incident, the official response, and why it has drawn strong skepticism from Flow's partners and community.

Flow Official Emergency Response: Isolate Network and Announce Rollback Plan

After the attack, the Flow Foundation quickly responded and confirmed the details of the incident. The attacker exploited an execution layer vulnerability to transfer approximately $3.9 million in assets; the incident did not affect users' existing balances, and user deposits remain safe. The relevant attack addresses have been marked, and money laundering paths are being continuously tracked. The Foundation has submitted asset freeze requests to Circle, Tether, and several major exchanges.

To clean up illegal on-chain transactions and fix the vulnerability, the Flow Foundation isolated the network and released a patched version of the mainnet, Mainnet 28. The Foundation's initial proposed solution was to roll back the network state to a checkpoint before the attack, specifically to Cadence block height 137363395, thereby deleting all transaction records generated within approximately 6 hours. All transactions, whether legitimate or not, would be erased together, and users would need to resubmit transactions after node restarts. The Foundation believed this plan was the safest path to restore network integrity, repeatedly emphasized that user funds would not be affected throughout the process, and promised to provide external updates on the incident's progress every two hours.

This rollback decision, seemingly decisive, quickly ignited an ecological firestorm—because the hacker's funds had already been bridged off-chain, the rollback would not affect the attacker but would only impact honest users and partners.

Cross-Chain Bridge Partners, Community Users Strongly Oppose, Rollback Plan Heavily Criticized

After the rollback plan was announced, cross-chain bridge partners within the Flow ecosystem and community users quickly faced collective skepticism. Alex Smirnov, co-founder of deBridge, a major cross-chain bridge partner of Flow, publicly criticized the decision on platform X as too hasty and made without any communication with key bridge partners beforehand. As a crucial asset channel for the Flow ecosystem, deBridge did not receive any advance notice regarding the rollback.

Smirnov pointed out that the potential damage from a rollback could far exceed that of the initial hacker attack itself. Since cross-chain assets are already circulated across multiple systems, a forced rollback would cause serious issues such as asset duplication and inconsistent custody states, ultimately harming the bridges, users, and counterparties who operated normally during the window. He disclosed that approximately $200,000 and $50,000 in deposits on deBridge fell within the rollback time window; once the rollback is executed, it could lead to funds disappearing on one side or the extreme scenario of assets being minted repeatedly.

Based on these risks, Smirnov called on Flow validators to suspend block production and validation until compensation plans, partner coordination mechanisms, and independent security team intervention plans are all clarified. Similar issues are not isolated cases. As the main cross-chain custodian for USDC on the Flow network, LayerZero also faces risks with approximately $220,000 and $180,000 in cross-chain transactions falling within the rollback window.

Beyond cross-chain bridge partners within the Flow ecosystem, users on platform X began to集中 express concerns about fund safety, developers questioned the network's reliability and governance mechanisms in extreme situations, investor sentiment turned cautious, and selling pressure intensified accordingly. Many voices pointed out that the rollback itself exposed the reality of centralized control on the chain, rapidly turning a technical accident into a crisis of trust.

Some community views further targeted the core principles of blockchain. Some argued that the rollback directly shook transaction finality and immutability, making Flow resemble an alliance chain subject to administrative intervention at critical moments. Others compared it to historical security incidents on other public chains, noting that similar situations are usually handled by isolating attacker addresses and freezing fund flows, rather than performing a global rollback of the entire network state.

Crypto KOL Wazz(@WazzCrypto) stated bluntly on platform X that Flow's rollback decision was one of the worst handling methods he had ever seen. In his view, the attacker had already transferred nearly $4 million in assets off-chain and would hardly be substantively affected by the rollback; the real cost would be borne by innocent users who used the network normally via cross-chain bridges.

Flow Official Changes Stance: Abandons Rollback, Adopts Isolated Recovery New Plan

Facing strong opposition from partners and the community, the Flow official ultimately decided to abandon the network rollback and shift to an "Isolated Recovery Plan." This plan was developed through direct consultation with cross-chain bridges, exchanges, and infrastructure partners. Key points include:

No rollback/reorganization, preserving all legitimate user activity;
No need for partners to replay transactions;
Over 99.9% of accounts unaffected, normal operation upon restart;
Temporary restriction of accounts receiving illegally minted tokens upon restart;

Additionally, the network will be restored in phases:

Phase 1: Cadence environment goes online, EVM temporarily restricted;
Phase 2: Cadence repair (approximately 24 to 48 hours);
Phase 3: EVM repair and restart;
Phase 4: Cross-chain bridges/exchanges resume operation, specific recovery time determined by operators based on actual conditions after confirming stability.

Furthermore, Dapper Labs, the team behind Flow, expressed support for this plan on platform X, stating it "preserves legitimate activity and provides a clear path to recovery."

This "abandon rollback" stance alleviated ecological tensions in the short term and avoided the systemic risk扩散 that a rollback might have triggered. As of now, the network is still in the phased coordination and recovery process, and officials state that user funds remain safe.

In the highly uncertain environment of the crypto market, this crisis may become a significant watershed in Flow's development path. Its long-term impact remains to be tested by time.

Трендові криптовалюти

CitreaCTR

wrapped stUSDTWSTUSDT

Velodrome FinanceVELODROME

BrevisBREV

ZRX（0X）ZRX

PancakeSwapCAKE

Пов'язані питання

QWhat was the initial response from the Flow Foundation to the hack, and what plan did they propose?

AThe Flow Foundation quickly responded by isolating the network and proposing to roll back the network state to the checkpoint before the attack (Cadence block height 137363395), which would erase all transactions from the approximately 6-hour window.

QWhy did the cross-chain bridge partners and community strongly oppose the rollback plan?

AThey opposed it because the rollback would not affect the hacker, who had already bridged the funds off-chain, but would instead harm honest users and partners by causing issues like double-spending, asset duplication, and inconsistencies in cross-chain asset custody.

QWhat was the alternative solution Flow adopted after abandoning the rollback plan?

AFlow adopted an 'Isolation Recovery Plan' that involved no rollback, preserving all legitimate user activity, temporarily restricting accounts that received illegally minted tokens, and restarting the network in phases with coordination from bridges and exchanges.

QHow did the hack impact the price of the FLOW token?

AThe FLOW token price was halved, dropping from $0.173 to $0.079 shortly after the hack, though it later saw a small rebound to around $0.107.

QWhat major risk did deBridge highlight regarding the rollback window?

AdeBridge highlighted that about $200,000 in ETH and $50,000 in USDC on their bridge fell within the rollback window, and executing the rollback could cause those funds to vanish or be duplicated, leading to severe inconsistencies.

Пов'язані матеріали

Will the STRC Issue Price Determined by ChatGPT Lead to a Death Spiral?

A "death spiral" concerns surround the "STRC" preferred shares from MicroStrategy, a financial instrument designed by CEO Michael Saylor with significant AI consultation to trade near a $100 face value. Since its July 2025 launch alongside a ~40% Bitcoin (BTC) decline, STRC has traded at a discount, hitting a low of $82.53 and pushing its effective dividend yield above 12.9%. The debate centers on whether STRC's structure—which relies on MicroStrategy issuing more shares to fund Bitcoin purchases and dividends—is sustainable or a "centralized Ponzi scheme," as economist Peter Schiff claims. Skepticism grew after Saylor revealed the product's design involved extensive AI dialogue to create a legally viable, monthly-dividend, price-stable preferred share—a novel concept. MicroStrategy's recent sale of 32 BTC to cover dividends, coupled with a sharp slowdown in its weekly Bitcoin buys (from billions to ~$100 million in June), has intensified fears. The "at-the-market" equity issuance, a key funding mechanism, is paused while STRC trades below par. This raises the "death spiral" risk: a lower STRC price triggers automatic dividend rate hikes, increasing cash obligations and potentially forcing more share sales or Bitcoin divestments. Bullish analysts like Jesse Myers argue the sell-off stems from leveraged positions unwinding, not fundamental failure, noting the company can cover dividends for decades if BTC appreciates modestly. The shift to semi-monthly dividends and the high yield at discounted prices may attract new buyers. Major AI models (ChatGPT, Grok, Claude) suggest a return to $100 is possible but conditional on restored market confidence, sustainable dividend coverage without asset sales, and a Bitcoin price recovery. The critical test arrives as new dividend rules take effect June 30, likely raising rates again with STRC below $95. The central question remains: Can MicroStrategy fulfill its obligations without selling Bitcoin, or will the mechanism accelerate its own decline?

marsbit2 хв тому

Will the STRC Issue Price Determined by ChatGPT Lead to a Death Spiral?

marsbit2 хв тому

Why Did NVIDIA's Bond Issue Go Unnoticed While SpaceX's Caused a Plunge?

The article analyzes the contrasting market reactions to recent bond issuances by SpaceX and NVIDIA. While NVIDIA's $25 billion bond offering was met with strong demand and seen as securing long-term capital for its already profitable AI business, SpaceX's move to raise at least $20 billion in bonds (primarily to refinance bridge loans) triggered a sell-off in its stock (SPCX). The key difference lies in the stage of cash flow validation for their respective core narratives. For NVIDIA, the AI boom is generating substantial, visible revenue and profits, making debt a tool to amplify a proven growth curve. For SpaceX, despite a strong cash position post-IPO and a revenue-generating business in Starlink, its valuation is heavily tied to future, capital-intensive projects like Starship, global satellite networks, and potential AI infrastructure. The bond issuance acted as a trigger, shifting market focus from SpaceX's long-term vision to the pressing question of whether Starlink's profits can fund these ambitious, unproven ventures before they generate their own returns. Thus, the market penalizes not the act of borrowing itself, but the perceived gap between high capital expenditure and the speed of cash flow realization. SpaceX's valuation recovery hinges on demonstrating that Starlink's profitability can outpace the burn rate of its futuristic projects or that those projects (like Starship achieving reliable, low-cost reusability) can soon transition from costly visions to commercial realities.

marsbit7 хв тому

Why Did NVIDIA's Bond Issue Go Unnoticed While SpaceX's Caused a Plunge?

marsbit7 хв тому

Will the STRC Issue Price Determined by ChatGPT Really Fall into a Death Spiral?

"Strategy's" (STRC) preferred share, a financial instrument designed by CEO Michael Saylor in consultation with AI to trade steadily at $100, faces mounting pressure. Since its July 2025 launch alongside a ~40% Bitcoin price drop, STRC has traded at a steep discount, hitting a low of $82.53. This discount pushes its effective dividend yield above 12.9%. The core debate revolves around whether STRC's structure is sustainable or a "centralized Ponzi scheme," as economist Peter Schiff claims. The mechanism relies on issuing new shares ("at-the-market" offerings) to fund Bitcoin purchases and dividend payments. However, the deep discount has paused these ATM offerings, slowing Bitcoin accumulation and forcing a minor sale of 32 BTC to cover obligations. Proponents, like The Smarter Web Company's Jesse Myers, argue the sell-off is a leveraged unwinding, not a fundamental failure. They note Strategy has ample resources to cover dividends for years if Bitcoin appreciates modestly. The deep discount also makes STRC attractive for yield-seeking buyers, as dividends are calculated on the $100 face value. The key test is whether Strategy can maintain dividends without sustained Bitcoin sales. A critical watchpoint is June 30th, when STRC switches to semi-monthly dividends. An automatic rule will likely raise the dividend rate further because the price remains below $95$, potentially creating a "death spiral": lower prices trigger higher yields, increasing the cash burden and forcing more dilution or asset sales. The question of whether this AI-designed "flywheel" is a stable instrument or a flawed accelerator will be answered by its price action and Strategy's funding choices in the coming months.

链捕手7 хв тому

Will the STRC Issue Price Determined by ChatGPT Really Fall into a Death Spiral?

链捕手7 хв тому

Ethereum's Next Stop Glamsterdam: The Core Upgrades You Must Know

The Glamsterdam upgrade, scheduled for late 2026, is a major Ethereum hard fork combining the Amsterdam execution layer and Glasgow consensus layer updates. Its primary goal is not simply increasing throughput but restructuring Ethereum's block production, validation, and resource pricing to enable future scaling. Key technical changes include **EIP-7732 (ePBS)**, which formally enshrines proposer-builder separation into the protocol. This decouples consensus and execution tasks, extending the execution payload propagation window to ~9 seconds. This provides more time for node verification, allowing for safer increases in block capacity (Gas limit) in the future. Another core component is **EIP-7928 (Block-Level Access Lists - BAL)**. It mandates a list of all state accessed within a block, moving this feature from an optional transaction-level (EIP-2930) to a mandatory block-level requirement. This explicit access list enables client optimizations like parallel disk reads and state root computations, paving the way for parallel execution. To manage long-term state growth, **EIP-8037** increases the cost of creating new state (e.g., accounts, storage slots), separating the pricing of permanent database bloat from temporary computation. This allows execution capacity to scale more aggressively without causing state size to explode proportionally. The planned upgrade bundle includes around 10 EIPs categorized into: 1) Core protocol restructuring (ePBS, BAL), 2) Resource pricing adjustments (state costs, calldata costs), and 3) EVM/developer improvements. Several other EIPs, including those potentially improving staker exit liquidity (EIP-8061, EIP-8080), are under consideration. The technical development coincides with significant personnel changes within the Ethereum Foundation's Protocol team. The Foundation's official communications frame this as part of a broader shift towards a "coalition of organizations" working on the Ethereum roadmap, citing new entities like ethlabs and the Ethereum Economic Zone. In summary, Glamsterdam represents a foundational re-engineering of Ethereum's block pipeline and economic model—focusing on ePBS, BAL, and multi-dimensional resource pricing—to prepare the network for sustainable, high-throughput scaling in the years ahead.

Foresight News20 хв тому

Ethereum's Next Stop Glamsterdam: The Core Upgrades You Must Know

Foresight News20 хв тому

The Ethereum Foundation Has Split?! An In-depth Look at Ethlabs' "Bright Future"

"Ethereum Foundation Splits? Understanding Ethlabs and Its 'Bright Future'" Former Ethereum Foundation members Ansgar Dietrichs, Barnabé Monnot, Caspar Schwarz-Schilling, Josh Rudolf, and Julian Ma have announced the launch of Ethlabs, an independent non-profit research and development lab. Announced on June 22nd, the initiative comes amidst discussions about the need for new organizational structures within the Ethereum ecosystem, a point highlighted by Bankless founder David Hoffman. Ethlabs' mission is to establish Ethereum as the foundational settlement layer for the global economy. The organization positions itself as a bridge connecting frontline developers, applications, and user needs with the core protocol. It aims to translate real-world demands into protocol improvements, industry standards, and deployable products. The founding team brings significant expertise: Dietrichs and Monnot are highly cited researchers in areas like Proposer-Builder Separation (PBS) and MEV, while Schwarz-Schilling, Rudolf, and Ma contribute backgrounds in economic modeling, consensus research, and applied cryptography. Initial supporters include BitMine, a major corporate ETH treasury; Sharplink, another treasury firm; and Consensys founder Joe Lubin in a personal capacity. Community backers include figures like Uniswap's Hayden Adams and Base's Jesse Pollak. The timing coincides with internal Ethereum Foundation discussions about "spinout" projects. While Ethlabs and the Foundation share research interests like MEV mitigation, Ethlabs frames its role not as a competitor but as part of a shift from a "single-core coordination model" to a "multi-R&D entity collaboration model." It views Ethereum as a public project belonging to all builders, with Ethlabs as one node in a broader governance network. Ultimately, Ethlabs represents an organizational evolution within the maturing Ethereum ecosystem. The key question is whether multiple research bodies can collaborate effectively to advance Ethereum as a competitive global settlement infrastructure.

Odaily星球日报23 хв тому

The Ethereum Foundation Has Split?! An In-depth Look at Ethlabs' "Bright Future"

Odaily星球日报23 хв тому

Торгівля

Спот

Ф'ючерси

Обговорення

Ласкаво просимо до спільноти HTX. Тут ви можете бути в курсі останніх подій розвитку платформи та отримати доступ до професійної ринкової інформації. Нижче представлені думки користувачів щодо ціни FLOW (FLOW).