Flow Security Incident Review: Type Confusion Vulnerability in Cadence Identified as Key Factor
BlockBeats News, January 7th: Flow released a post-incident report stating that the attacker exploited a Flow network vulnerability to mint fake tokens, stealing approximately $3.9 million through a bridging attack. The attack did not access or leak any existing user balances. It duplicated assets but did not touch legitimately held assets, and the majority of the fake assets were either stored on-chain before liquidation or frozen by exchange partners. Network validators have approved a decentralized governance action authorizing the permanent destruction of all fake assets. The network resumed operation on December 29th, is currently running smoothly, and all transaction history has been preserved.
The attacker sequentially deployed over 40 malicious smart contracts, using a three-stage attack chain: 1) bypassing attachment import verification; 2) circumventing the defensive checks on built-in types; 3) exploiting a semantic vulnerability in contract initializers. The root cause was a type confusion vulnerability in the Cadence runtime (v1.8.8), which has now been patched (v1.8.9 and later). The vulnerability allowed the attacker to disguise protected assets (which should not be duplicable) as standard data structures (which are duplicable), bypassing runtime security checks and enabling token minting.
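The effect of such a type confusion on a copy check can be shown with a small model. This is an added example, not code from the Flow report or the Cadence runtime: `Value`, the two copy functions and the sample vault are all hypothetical, and the model only contrasts a check that trusts a declared type with one that inspects the value itself.

```python
from dataclasses import dataclass, field

@dataclass
class Value:
    kind: str                      # "resource" (move-only) or "struct" (copyable)
    fields: dict = field(default_factory=dict)

class CopyError(Exception):
    pass

def copy_trusting_label(value, declared_kind):
    """Weak check: copyability is decided from the type the caller declares."""
    if declared_kind == "resource":
        raise CopyError("resources cannot be copied")
    return Value(value.kind, dict(value.fields))

def contains_resource(value):
    """True if the value, or anything nested inside it, is a resource."""
    if value.kind == "resource":
        return True
    return any(isinstance(v, Value) and contains_resource(v)
               for v in value.fields.values())

def copy_checking_value(value, declared_kind):
    """Hardened check: the declared type must match and nothing inside is a resource."""
    if declared_kind != value.kind:
        raise CopyError(f"declared {declared_kind!r}, value is {value.kind!r}")
    if contains_resource(value):
        raise CopyError("value is or contains a resource")
    return Value(value.kind, dict(value.fields))

def try_copy(copier, value, declared_kind):
    """Return the copy, or None when the check rejects the operation."""
    try:
        return copier(value, declared_kind)
    except CopyError:
        return None

def total_supply(values):
    return sum(v.fields.get("balance", 0) for v in values if v.kind == "resource")

def demo():
    vault = Value("resource", {"balance": 100})   # constructed sample asset
    supply = {}
    for name, copier in (("weak", copy_trusting_label),
                         ("hardened", copy_checking_value)):
        dup = try_copy(copier, vault, "struct")    # resource mislabelled as a struct
        supply[name] = total_supply([vault] + ([dup] if dup else []))
    return supply

if __name__ == "__main__":
    print(demo())
```
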
In addition to moving assets out of Flow, the attacker also attempted to deposit fake FLOW on several centralized exchanges, but because of the abnormal transaction volume and internal anti-money laundering protocols, multiple exchanges froze the deposits upon receipt. Approximately 50% of the fake FLOW deposits have been returned and destroyed by cooperating exchanges (such as OKX, Gate, MEXC), while the foundation continues to actively coordinate with other exchange platforms.