2025-12-28 00:40:38

Flow blockchain has encountered an issue. On December 27th, an attacker discovered and exploited a vulnerability in the Flow execution layer. During the window before validators could perform coordinated stop operations, the hacker successfully stole approximately 390 Flow tokens.

The Flow Foundation subsequently issued a statement. This incident serves as a reminder that even well-known public blockchains are not immune to security vulnerabilities. The protection measures at the execution layer often become the breakthrough point for hackers—they take advantage of the time window before the verification mechanism is activated.

For participants in the Flow ecosystem, this is no small matter. Although 390 tokens represent a limited share within the entire ecosystem, the exposed system vulnerability is particularly noteworthy. The security of a blockchain fundamentally depends on its weakest link—an execution layer coordination delay can be exploited.

The Flow Foundation stated that they will strengthen the investigation and defense against such vulnerabilities. The community is also discussing whether a faster validator response mechanism is necessary. Events like this provide important lessons for the entire industry—highlighting the critical importance of security audits and emergency response.

FLOW13,81%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

6 Likes

Reward
6
3
Repost
Share

Comment

0/400

MetaEggplant

· 16h ago

Another public chain crashes again. Where's the promised decentralization? Validators react slowly and get exploited, it's hilarious. 390 coins isn't much, but this vulnerability exposes huge issues. Flow is rushing to issue a statement, the community is still watching the drama. How can anyone still believe in execution layer security? It's unbelievable. The weakest link has killed many projects. I've always said that time window attacks are hard to defend against, and now it's clear. Security audits? They say it every time, and every time there's a failure.

View OriginalReply0

OnchainDetective

· 16h ago

Based on on-chain data, the vulnerability in this time window is very typical—validator response delays + execution layer coordination issues, it's exactly what hackers exploit. I've known for a while that the risk with Flow lies here... The 390 tokens are just the tip of the iceberg. The key question is, how long has this vulnerability been exposed before it was discovered? Trace the wallet addresses to track the movement of those 390 Flow tokens... It doesn't seem like they will just flow out that easily. Even well-known public chains are similar; the weakest link is always the biggest vulnerability. It depends on how the Flow Foundation addresses the vulnerability. The response mechanism really needs to be accelerated.

View OriginalReply0

MetaMaskVictim

· 16h ago

Another public chain vulnerability, truly incredible Getting attacked again? If you don't suffer losses this time, it's considered a win The idea of verification delay is really disgusting, it seems every chain has this problem 390 tokens isn't much, but this hole must be patched... The time window has been exploited, classic What is Flow trying to teach us? Is the security cost this high? Verification mechanisms need to be sped up, or we'll be waiting to cut the leeks every day

View OriginalReply0