Core Insights - Flow released a technical post-mortem analysis report regarding a security incident on December 27, 2025, revealing that attackers exploited a type confusion vulnerability in Cadence VM to forge tokens [1] - Approximately $3.9 million worth of assets were drained through cross-chain bridges (including Celer, deBridge, Stargate, and Relay) before the network was paused, while most of the forged assets have been restricted on-chain or controlled by relevant parties [1] - Flow resumed mainnet operations on December 29 through an isolation recovery plan and deployed multiple patches to enhance static type checking and runtime defenses, while cooperating with on-chain forensic agencies and relevant departments for further investigation [1]
Flow 发布安全事件事后报告,涉及 Cadence VM 漏洞
Xin Lang Cai Jing·2026-01-06 17:29