The Flow blockchain recently released a detailed technical analysis report on the security incident that occurred on December 27, 2025. According to the report, the attack originated from a type confusion vulnerability in the Cadence VM, which the attacker exploited to forge tokens.
The asset outflow is quite severe. Confirmed data shows that approximately $3.9 million worth of assets have been transferred out of the Flow network through multiple cross-chain bridges (including Celer, deBridge, Stargate, and Relay). However, most of the forged assets have since been locked on-chain or taken over by relevant parties, which keeps the scope of the loss relatively manageable.
The Flow team has published detailed technical documentation explaining how the vulnerability works and the remediation plan, which is a useful reference for secure development across the entire ecosystem.
fren.eth
· 1h ago
Type confusion vulnerability, it's the same old story. When will the ecosystem truly become secure?
airdrop_huntress
· 23h ago
3.9 million USD is all? I thought it was more exaggerated. Luckily, it was under control.
MEVHunterZhang
· 01-08 18:16
Type confusion vulnerability, this is quite severe. How could Cadence VM have such a low-level issue?
---
3.9 million ran away? Luckily most of it was locked, or it would have been really bad.
---
Flow is quite transparent this time, all technical documentation has been published, which is a good attitude.
---
Wait, all cross-chain bridges have been compromised? Celer, deBridge, none of them held up?
---
Honestly, token forgery is even harder to prevent than direct theft; the VM itself needs to be fixed.
---
It's another type confusion issue. When can these kinds of vulnerabilities be completely eradicated?
---
Will Flow compensate? Who will cover the 3.9 million, everyone?
---
It still seems that formal verification is essential for blockchain security; development shouldn't just be based on intuition.
ReverseTradingGuru
· 01-06 19:05
$3.9 million just disappeared like that. Luckily, most of it was locked up; otherwise, it would have really blown up.
blockBoy
· 01-06 19:04
3.9 million dollars... Luckily, most of it is locked up, or it would have caused a huge stir.
BTCWaveRider
· 01-06 18:51
Type confusion vulnerability? Well, now, Cadence VM has also fallen victim.
$3.9 million just flows out, and the cross-chain bridge has become an ATM.
But luckily, the response was quick, and most assets were locked, or it would have been a bloodbath.
LiquidityWitch
· 01-06 18:48
$3.9 million is all? Flow is still quite controlled this time, much better than some projects.