On December 28th, Flow officially released an update on the attack incident. On December 27th, attackers exploited a vulnerability in the Flow execution layer to transfer approximately $3.9 million in assets before the network outage. This attack did not access users' existing balances, and all user deposits are safe. Currently, the approximately $3.9 million in funds primarily flowed out through bridges such as Celer, Debridge, Relay, and Stargate. The attacker's wallet has been identified and flagged, and their money laundering activities through Thorchain and Chainflip are being tracked in real time. The Flow Foundation has also submitted freezing requests to Circle, Tether, and major trading platforms.
The protocol patch for the vulnerability has been released, and node operators are coordinating the deployment of this upgrade.
