Flow details December exploit that led to $3.9M in losses due to counterfeit tokens

A protocol-level flaw allowed assets to be duplicated rather than minted, prompting a network halt and a governance-led recovery process.

The Flow Foundation on Tuesday published a technical post-mortem detailing a protocol-level exploit that occurred on Dec. 27, when an attacker was able to counterfeit tokens on the network, resulting in about $3.9 million in confirmed losses before the exploit was contained.

According to the report, the attacker exploited a flaw in Flow’s Cadence runtime that allowed certain assets to be duplicated rather than minted, bypassing supply controls without accessing or draining existing user balances. Validators coordinated a network halt within six hours of the first malicious transaction, while exchange partners froze most counterfeit assets before they could be sold.

Flow said the temporary halt placed the network into a read-only mode to sever exit paths and prevent further duplication while the issue was investigated. Operations resumed two days later under an “isolated recovery” plan that preserved legitimate transaction history and authorized the recovery and permanent destruction of counterfeit assets through a governance-approved process.

Read more