A post-mortem report of the Dec. 27 exploit of the Flow blockchain has detailed a protocol-level exploit that allowed the attacker to duplicate fungible tokens and drain approximately $3.9 million in value.
Summary
- Flow exploiter duplicated tokens via a Cadence runtime exploit.
- Over 1 billion counterfeit FLOW tokens were sent to exchanges, with nearly half recovered and destroyed by cooperating platforms.
- FLOW token is up 14% in the past 24 hours as the network has become fully operational.
“The attack demonstrated significant technical sophistication. The attacker deployed over 40 malicious smart contracts in a coordinated sequence,” the report published by the Flow Foundation said.
The attacker exploited a major flaw in the Cadence execution layer (v1.8.8) that made it possible to disguise a protected asset, which should be non-copyable, as a standard data structure that can be copied.
In simple terms, the attacker was able to duplicate rather than mint tokens, which is also why existing user balances were not directly affected.
However, Flow validators were able to initiate a network halt within six hours of the first malicious transaction, and the funds already sent to centralized exchanges were frozen by exchange partners.
“1.094 billion counterfeit FLOW was deposited by the attacker across multiple centralized exchanges. Of this, 484,434,923 FLOW has already been returned by cooperative exchange partners OKX, Gate.io, and MEXC and destroyed,” the report added.
Meanwhile, Flow has taken steps to isolate 98.7% of the remaining counterfeit supply, which is now pending destruction.
As the Foundation continues working with additional exchange partners to recover the remaining assets, it has enabled a protocol-level backstop by restricting all attacker-linked deposit addresses at the execution layer. This has been done so that the counterfeit tokens cannot be withdrawn, bridged, or transferred until they are returned for destruction.
According to the foundation, the vulnerability has been patched, and the Flow network is fully operational.
Developers opted for an “isolated recovery” plan instead of the full-chain rollback they initially sought. As previously reported by crypto.news, this was done to preserve legitimate transaction history and allow for the destruction of counterfeit assets through a governance-approved process.
FLOW, the blockchain’s native token, has managed to stage a rebound since the recovery plan was completed and the Foundation subsequently released the post-mortem.
After plunging around 40% over five hours following the hack on Dec. 27, FLOW continued sliding to a low of $0.075 on Jan. 2 before beginning to recover as the network became operational.
In the past 24 hours, the token has rallied over 14% and was trading at $0.1015 at the time of writing.
Source: https://crypto.news/flow-exploit-post-mortem-reveals-protocol-level-flaw-behind-3-9m-loss/