Original title: "Hacker Attack Halves Flow's Performance, Rollback Plan Sparks Ecosystem War"
Original author: Asher, Odaily
Last Saturday afternoon, a sudden hacker attack threw the Flow network into chaos. This Layer 1 network, built by the Dapper Labs team and designed for next-generation applications, games, and digital assets, watched helplessly as $3.9 million in assets were transferred off-chain due to an exploited execution-layer vulnerability. Following the attack, its token, FLOW, plummeted by half in a short period, from $0.173 to $0.079, and has since rebounded slightly to around $0.107.

FLOW K-line chart
Below, Odaily summarizes the Flow theft incident, the official response, and why it triggered strong questions from Flow partners and the community.
Flow issued an urgent response: isolating the network and announcing a rollback plan.
Following the attack, the Flow Foundation responded swiftly and confirmed the details of the incident. The attackers exploited an execution-layer vulnerability to transfer approximately $3.9 million in assets. The incident did not affect users' existing balances, and user deposits remain safe. The attacking addresses have been flagged, and the money laundering route is being continuously traced. The Foundation has submitted asset freeze requests to Circle, Tether, and several major trading platforms.
To clean up illegitimate transactions on the blockchain and fix the vulnerability, the Flow Foundation isolated the network and released Mainnet 28, the mainnet vulnerability fix. The Foundation's initial solution was to roll back the network state to a checkpoint before the attack, specifically Cadence block height 137363395, thus deleting all transactions generated within approximately six hours. All transactions in that window would be cleared regardless of their legitimacy, and users would need to resubmit them after the nodes restarted. The Foundation believed this solution was the safest path to restore network integrity and repeatedly emphasized that user funds would not be affected throughout the process, while promising to provide updates on the event's progress every two hours.
This rollback decision, though seemingly decisive, quickly ignited a firestorm within the ecosystem: because the hacker's funds had already been bridged off-chain, the rollback would have no impact on the attackers and would affect only honest users and partners.
Cross-chain bridge partners and community users strongly opposed the rollback plan, which was met with fierce criticism.
Following the announcement of the rollback plan, it quickly drew collective criticism from cross-chain bridge partners and community users within the Flow ecosystem. Alex Smirnov, co-founder of deBridge, Flow's main cross-chain bridge partner, publicly criticized the decision on the X platform, stating it was too hasty and lacked prior communication with key bridging partners. As a crucial asset channel within the Flow ecosystem, deBridge received no advance notice of the rollback.
Smirnov pointed out that the potential damage from a rollback could far exceed the initial hack itself. Because cross-chain assets have already circulated across multiple systems, a forced rollback would trigger serious problems such as asset duplication and inconsistent custody status. Ultimately, the bridges, users, and counterparties operating normally during the window period would suffer the consequences. He disclosed that approximately $200,000 and $50,000 in deposits on deBridge fell within the rollback window. Once the rollback is executed, it could lead to the disappearance of funds on one side or, in extreme cases, the duplication of assets.
Based on the aforementioned risks, Smirnov called on Flow validators to suspend block production and validation until the compensation plan, partner coordination mechanism, and independent security team intervention plan are all clearly defined. Similar issues are not isolated cases. As the primary cross-chain custodian of USDC on the Flow network, LayerZero also faces the risk of approximately $220,000 and $180,000 in cross-chain transactions falling within the rollback window.
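How a rollback to the checkpoint would sort in-flight bridge transfers into the "duplicated" and "disappeared" cases Smirnov describes, as an added example that is not code from the article, Flow, or any bridge. The `BridgeTransfer` record, its fields, the rule that the checkpoint block itself is kept, and the sample transfers are constructed assumptions; only the checkpoint height comes from the article.

```python
from typing import NamedTuple

# Checkpoint named in the article: state after this Cadence height would be erased.
ROLLBACK_HEIGHT = 137363395

class BridgeTransfer(NamedTuple):      # hypothetical record a bridge operator might keep
    transfer_id: str
    direction: str        # "outbound" = Flow -> other chain, "inbound" = other chain -> Flow
    flow_height: int      # Flow block holding the Flow-side leg (lock/burn or mint)
    remote_settled: bool  # has the leg on the other chain finalized?
    amount_usd: int

def classify(t, rollback_height=ROLLBACK_HEIGHT):
    """Label what a rollback to rollback_height does to one transfer."""
    if t.flow_height <= rollback_height:
        return "unaffected"            # Flow leg survives the rollback
    if t.direction == "inbound":
        # Funds were locked on the source chain, but the Flow-side mint is erased.
        return "vanished"
    if t.remote_settled:
        # Flow-side lock is erased while the remote release stands:
        # the user holds the asset on both chains and custody is short.
        return "duplicated"
    return "replay"                    # nothing released remotely yet; user resubmits

def exposure(transfers, rollback_height=ROLLBACK_HEIGHT):
    """Sum USD amounts per outcome so each risk bucket can be sized."""
    totals = {}
    for t in transfers:
        label = classify(t, rollback_height)
        totals[label] = totals.get(label, 0) + t.amount_usd
    return totals

# Constructed sample transfers (not real transactions).
SAMPLE = [
    BridgeTransfer("tx-a", "outbound", 137363000, True, 10_000),
    BridgeTransfer("tx-b", "outbound", 137370000, True, 40_000),
    BridgeTransfer("tx-c", "inbound", 137380000, True, 25_000),
    BridgeTransfer("tx-d", "outbound", 137390000, False, 5_000),
]

if __name__ == "__main__":
    for label, usd in sorted(exposure(SAMPLE).items()):
        print(f"{label:<11} ${usd:,}")
```
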
Beyond the cross-chain bridge partners within the Flow ecosystem, on the X platform, users began expressing widespread concerns about fund security, while developers questioned the network's reliability and governance mechanisms under extreme conditions. Investor sentiment simultaneously turned cautious, intensifying selling pressure. Numerous voices pointed to the rollback itself exposing the reality of centralized control on-chain, rapidly escalating what began as a technical incident into a crisis of trust.
Some community opinions have further targeted the core principles of blockchain. Some argue that rollback directly undermines transaction finality and immutability, making Flow more like a consortium blockchain susceptible to administrative intervention at critical moments. Others compare historical security incidents with other public blockchains, pointing out that similar situations are typically handled by isolating attacker addresses and freezing fund flows, rather than performing a global rollback of the entire network state.
Crypto KOL Wazz (@WazzCrypto) stated on the X platform that Flow's rollback decision was one of the worst handling methods he had ever seen. In his view, the attackers had already transferred approximately $4 million in assets off-chain, and would hardly be affected by the rollback. The real cost would be borne by innocent users who were using the network normally through the cross-chain bridge.
Flow officials changed their stance: abandoning rollback and adopting a new isolation recovery solution.
Faced with strong opposition from partners and the community, the Flow team ultimately decided to abandon the network rollback and instead opt for the "Isolation Recovery Plan." This plan was developed through direct negotiations with cross-chain bridges, trading platforms, and infrastructure partners, and its key points include:
• No rollback/reorganization, preserving all legitimate user activity;
• No need for partners to replay transactions;
• Over 99.9% of accounts were unaffected and will resume normal operation immediately after restarting;
• Upon restart, accounts receiving illegally minted tokens will be temporarily restricted.
In addition, the network will be restored in phases:
• In the first phase, the Cadence environment is launched, and EVM is temporarily restricted;
• In the second phase, Cadence repair (approximately 24 to 48 hours);
• In the third phase, the EVM is repaired and restarted;
• In the fourth phase, cross-chain bridges/trading platforms will resume operation. The specific resumption time will be determined by the operator after confirming stability based on the actual situation.
In addition, Dapper Labs, the team behind Flow, expressed its support for this solution on the X platform, stating that it "preserves legitimate activity and provides a clear path to recovery."
This "abandoning rollback" stance has eased tensions in the short term and prevented the spread of systemic risks that a rollback might have triggered. As of now, the network is still in a phased coordination and recovery process, and officials have stated that user funds remain safe.
In the highly uncertain environment of the crypto market, this crisis may become a major watershed in Flow's development path, and its long-term impact remains to be seen.



