A security incident on December 27 led to approximately $3.9 million in losses for the Flow network due to counterfeit tokens. The Flow Foundation has since released a detailed technical analysis of the exploit that allowed an attacker to duplicate assets instead of minting them, circumventing supply controls.
Validators swiftly acted, halting network operations within six hours of the exploit's onset. This measure placed the network in a read-only mode to prevent additional fraudulent transactions, while exchange partners froze most of the counterfeit tokens. Operations resumed two days later under a governance-backed recovery plan that ensured legitimate transaction history was preserved and counterfeit assets were permanently destroyed.
The Flow Foundation confirmed that no user balances were compromised during the incident, as the exploit only involved asset duplication. Although a few accounts interacting with the counterfeit tokens faced temporary restrictions, over 99% of accounts maintained full access. To bolster security, Flow has addressed the vulnerability, instituted stricter runtime checks, and enhanced its monitoring and bug-bounty initiatives.