Rewards Hub Flow has released a technical post-mortem report on a security incident that occurred on December 27, 2025, revealing that attackers exploited a type confusion vulnerability in the Cadence VM to forge tokens. Approximately $3.9 million worth of assets were transferred out via cross-chain bridges, including Celer, deBridge, Stargate, and Relay, before the network was paused. Most of the forged assets have been contained on-chain or are under control by relevant parties. Flow resumed mainnet operations on December 29, implementing isolation recovery measures and deploying patches to enhance static type checks and runtime defenses. The company is collaborating with on-chain forensic agencies and authorities for further investigation.
Flow Reports $3.9 Million Loss in December Security Breach
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.