$3.9 Million Stolen, Token Plummeted: Flow's Rollback Plan Triggers Eco War

Original Title: "Hacker Attack Causes Flow to Halve in Value, Rollback Plan Triggers Ecosystem Civil War"

Original Author: Asher, Odaily Planet Daily

Last Saturday afternoon, a sudden hacker attack threw the Flow network into chaos. This Layer 1 network built by the Dapper Labs team, designed for the next generation of applications, games, and digital assets, witnessed $3.9 million in assets being moved off-chain as an exploit at the execution layer was leveraged. Following the attack, its token FLOW experienced a temporary 50% drop, plummeting from $0.173 to $0.079, with the price currently rebounding slightly to around $0.107.

FLOW Candlestick Chart

Below, Odaily Planet Daily will summarize the recent Flow hack, official response, and why it sparked strong doubts from Flow partners and the community.

Flow Official Emergency Response: Network Isolation and Announcement of Rollback Plan

Following the attack, the Flow Foundation promptly responded and confirmed the event details. The attacker exploited an execution layer vulnerability to transfer around $3.9 million in assets, with user balances unaffected by the incident, and user deposits remaining secure. The related attack addresses have been blacklisted, and the money laundering trail is actively being traced, with the Foundation having submitted asset freeze requests to Circle, Tether, and several major exchanges.

To clean up illicit on-chain transactions and fix the vulnerability, the Flow Foundation has isolated the network and released the Mainnet 28 version with a bug fix. The Foundation's initial response plan is to rollback the network state to a checkpoint before the attack occurred, specifically at Cadence block height 137363395, thereby erasing all transaction records generated in approximately 6 hours. Whether the transactions were legitimate or not, they will all be removed, and users will need to resubmit their transactions after node restart. The Foundation believes this plan is the safest path to restore network integrity, emphasizing repeatedly that user funds will not be affected throughout the process, while committing to updating the community on progress every two hours.

While this rollback decision may seem decisive, it quickly ignited an ecosystem powder keg—since the hacker's funds had already been bridged out of the chain, the rollback would have no impact on the attacker and would only affect honest users and partners.

Cross-Chain Bridge Partners and Community Strongly Oppose, Rollback Plan Under Fire

After the rollback plan was announced, cross-chain bridge partners within the Flow ecosystem and community users quickly faced collective scrutiny. Alex Smirnov, co-founder of Flow's main cross-chain bridge partner deBridge, publicly criticized the decision on X Platform, stating that it was too hasty and did not involve any communication with key bridge partners beforehand. As a crucial asset pathway in the Flow ecosystem, deBridge did not receive any advance notice regarding the rollback.

Smirnov pointed out that the potential damage caused by the rollback could far exceed the initial hack itself. Since cross-chain assets have been transacted across multiple systems, forcing a rollback would result in serious issues such as asset duplication and inconsistent custody statuses, ultimately harming the bridges, users, and counterparties operating normally within the timeframe. He revealed that around $200,000 and $50,000 in deposits are within the rollback timeframe on deBridge, and if the rollback is executed, it could lead to funds disappearing into thin air on one side or extreme cases of asset double-spending.

Due to the aforementioned risks, Smirnov called on Flow validators to pause block production and validation until all compensation plans, partner coordination mechanisms, and independent security team intervention plans are clearly outlined. Similar issues are not isolated incidents. As the main cross-chain custodian of USDC on the Flow network, LayerZero also faces cross-chain transaction risks of around $220,000 and $180,000 within the rollback window.

In addition to the cross-chain bridge partners within the Flow ecosystem, on X Platform, users have started expressing concerns about fund security in a concentrated manner, developers have questioned the network's reliability and governance mechanisms under extreme circumstances, and investor sentiment has shifted towards caution, exacerbating selling pressure. Many voices directly point out that the rollback itself has exposed the on-chain centralization control, turning the original technical glitch into a trust crisis.

Some community perspectives further target the core principles of blockchain. Some believe that the rollback directly undermines transaction finality and immutability, making Flow appear more like a centrally controlled consortium chain at a critical moment. Others compare this to historical security incidents on other blockchains, indicating that similar situations are usually handled by isolating the attacker's address or freezing fund flows rather than performing a global network rollback.

Crypto KOL Wazz (@WazzCrypto) bluntly stated on X Platform that Flow's rollback decision is one of the worst handling methods he has ever seen. In his view, the attacker had already moved around $4 million worth of assets off-chain, hardly affected by the rollback, while the innocent users who were utilizing the network normally through the cross-chain bridge are the ones truly bearing the consequences.

Flow Official Shifts Stance: Abandons Rollback, Adopts Isolation Recovery Plan

Facing strong opposition from partners and the community, the Flow team has ultimately decided to abandon the network rollback and pivot to an "isolation recovery plan." This plan was developed through direct negotiation with cross-chain bridges, exchanges, and infrastructure partners and includes the following key points:

· No rollback/reorg, preserving all legitimate user activity;

· No need for partners to replay transactions;

· Over 99.9% of accounts unaffected, ready to resume normal operations upon restart;

· Upon restart, temporarily restrict accounts receiving illicitly minted tokens;

Furthermore, the network will undergo a phased recovery:

· Phase one, Cadence environment goes live, with EVM temporarily restricted;

· Phase two, Cadence fix (approximately 24 to 48 hours);

· Phase three, EVM fix and restart;

· Phase four, cross-chain bridges/exchanges resume operations, with the specific recovery timing to be determined by the operators based on stability confirmation.

Additionally, the team behind Flow, Dapper Labs, has expressed support for this plan on Platform X, stating, "Preserve legitimate activity, provide a clear recovery path."

This "rollback abandonment" stance has alleviated short-term ecosystem tension and averted potential systemic risk propagation from a rollback. As of now, the network is still in a phased coordination and recovery process, with officials indicating that user funds remain secure.

In an environment of high crypto market uncertainty, this crisis may become a significant turning point in Flow's development path, with its long-term impact awaiting further validation by time.

Original Article Link