2025-12-28 00:40:38

Flow blockchain has encountered an issue. On December 27th, an attacker discovered and exploited a vulnerability in the Flow execution layer. During the window before validators could perform coordinated stop operations, the hacker successfully stole approximately 390 Flow tokens.

The Flow Foundation subsequently issued a statement. This incident serves as a reminder that even well-known public blockchains are not immune to security vulnerabilities. The protection measures at the execution layer often become the breakthrough point for hackers—they take advantage of the time window before the verification mechanism is activated.

For participants in the Flow ecosystem, this is no small matter. Although 390 tokens represent a limited share within the entire ecosystem, the exposed system vulnerability is particularly noteworthy. The security of a blockchain fundamentally depends on its weakest link—an execution layer coordination delay can be exploited.

The Flow Foundation stated that they will strengthen the investigation and defense against such vulnerabilities. The community is also discussing whether a faster validator response mechanism is necessary. Events like this provide important lessons for the entire industry—highlighting the critical importance of security audits and emergency response.

FLOW-1,84%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

9 Likes

Reward
9
5
Repost
Share

Comment

0/400

ZeroRushCaptain

· 2025-12-29 20:33

It's the same old story... 390 coins, what does that amount to? Our group of veteran investors have seen their holdings cut in half more times than I can count. Validators react slowly and get stabbed in the back. Fine, I've fallen for this tactic on Ethereum before. Underestimating the vulnerabilities at the execution layer = courting disaster. Flow is just teaching us a lesson. The weakest link determines everything—my blood and tears lessons. I’ll just laugh when they say to strengthen defenses. They say that every time, and next time we still get caught off guard. It's time to activate the reverse indicator attribute.

View OriginalReply0

LiquidityLarry

· 2025-12-29 10:36

Once again, the execution layer is having issues, this time getting stuck in the time window. 390 tokens, so what? The problem is how obvious this vulnerability is and how it wasn't caught. Flow really needs to speed up validator responses; otherwise, we'll get exploited again later. That's why I never put all my eggs in one basket. What’s the use of an apology statement? I just want to know how to prevent it next time.

View OriginalReply0

MetaEggplant

· 2025-12-28 01:10

Another public chain crashes again. Where's the promised decentralization? Validators react slowly and get exploited, it's hilarious. 390 coins isn't much, but this vulnerability exposes huge issues. Flow is rushing to issue a statement, the community is still watching the drama. How can anyone still believe in execution layer security? It's unbelievable. The weakest link has killed many projects. I've always said that time window attacks are hard to defend against, and now it's clear. Security audits? They say it every time, and every time there's a failure.

View OriginalReply0

OnchainDetective

· 2025-12-28 00:57

Based on on-chain data, the vulnerability in this time window is very typical—validator response delays + execution layer coordination issues, it's exactly what hackers exploit. I've known for a while that the risk with Flow lies here... The 390 tokens are just the tip of the iceberg. The key question is, how long has this vulnerability been exposed before it was discovered? Trace the wallet addresses to track the movement of those 390 Flow tokens... It doesn't seem like they will just flow out that easily. Even well-known public chains are similar; the weakest link is always the biggest vulnerability. It depends on how the Flow Foundation addresses the vulnerability. The response mechanism really needs to be accelerated.

View OriginalReply0

MetaMaskVictim

· 2025-12-28 00:42

Another public chain vulnerability, truly incredible Getting attacked again? If you don't suffer losses this time, it's considered a win The idea of verification delay is really disgusting, it seems every chain has this problem 390 tokens isn't much, but this hole must be patched... The time window has been exploited, classic What is Flow trying to teach us? Is the security cost this high? Verification mechanisms need to be sped up, or we'll be waiting to cut the leeks every day

View OriginalReply0