The hacker attack led to Flow being halved, and the rollback plan triggered an internal war in the ecosystem

Original | Odaily Planet Daily ( @OdailyChina)

Author | Asher ( @Asher_0210)

Last Saturday afternoon, a sudden hacker attack threw the Flow network into chaos. This Layer 1 network built by the Dapper Labs team was designed for the next generation of applications, games, and digital assets, but it watched helplessly as $3.9 million in assets were transferred off-chain due to an exploited vulnerability in the execution layer. Following the attack, its token FLOW was halved in a short time, plummeting from $0.173 to $0.079, and has since slightly rebounded to around $0.107.

FLOW K-line chart

Below, Odaily Planet Daily summarizes the Flow theft incident, the official response, and why it has sparked strong doubts from Flow partners and the community.

Flow Official Emergency Response: Isolate Network and Announce Rollback Plan

After the attack, the Flow Foundation quickly responded and confirmed the details of the incident. The attacker exploited a vulnerability in the execution layer to transfer approximately $3.9 million in assets, and the incident did not affect users' existing balances, which remain safe. The relevant attack addresses have been marked, and the money laundering path is being continuously tracked. The foundation has submitted asset freeze requests to Circle, Tether, and several major exchanges.

To clean up illegal transactions on-chain and fix the vulnerabilities, the Flow Foundation isolated the network and released the mainnet vulnerability fix version Mainnet 28. The foundation's initial disposal plan is to roll back the network state to a checkpoint before the attack, specifically at Cadence block height 137363395, thereby deleting all transaction records generated within about 6 hours. Regardless of whether the transactions were legitimate, they will all be cleared, and users will need to resubmit transactions after the nodes restart. The foundation believes this plan is the safest path to restore the integrity of the network and repeatedly emphasizes that user funds will not be affected throughout the process, while promising to update the progress of the incident every two hours.

This rollback decision seems decisive but quickly ignited a fuse within the ecosystem—because the hacker's funds had already been bridged off-chain, the rollback would have no impact on the attacker and would only affect honest users and partners.

Cross-Chain Bridge Partners and Community Users Strongly Oppose, Rollback Plan Under Fire

After the rollback plan was announced, cross-chain bridge partners and community users within the Flow ecosystem quickly raised collective doubts. Alex Smirnov, co-founder of Flow's main cross-chain bridge partner deBridge, publicly criticized the decision on the X platform as being too hasty and lacking any prior communication with key bridging partners. As an important asset channel in the Flow ecosystem, deBridge did not receive any advance notice regarding the rollback.

Smirnov pointed out that the potential damage caused by the rollback could far exceed the initial hacker attack itself. Since cross-chain assets have circulated among multiple systems, a forced rollback would lead to serious issues such as asset duplication and inconsistent custody states, ultimately harming the bridges, users, and counterparties that operated normally during the window period. He disclosed that approximately $200,000 and $50,000 in deposits on deBridge fell within the rollback time window, and executing the rollback could lead to one side's funds disappearing or extreme cases of assets being double-minted.

Based on the above risks, Smirnov called on Flow validators to suspend block production and validation until the compensation plan, partner coordination mechanism, and independent security team intervention plan are all clarified. Similar issues are not isolated. As the main cross-chain custodian of USDC on the Flow network, LayerZero also faces cross-chain transaction risks of about $220,000 and $180,000 falling within the rollback window.

In addition to cross-chain bridge partners within the Flow ecosystem, users on the X platform began to express concerns about the safety of their funds, while developers questioned the network's reliability and governance mechanisms under extreme conditions, leading to a shift in investor sentiment towards caution and increased selling pressure. Many voices pointed out that the rollback itself exposed the reality of centralized control on-chain, turning the original technical incident into a crisis of trust.

Some community opinions further targeted the core principles of blockchain. Some believe that the rollback directly undermined transaction finality and immutability, making Flow appear more like a consortium chain subject to administrative intervention at a critical moment. Others compared historical security incidents of other public chains, pointing out that similar situations are usually handled by isolating the attacker's address and freezing the flow of funds, rather than performing a global rollback of the entire network state.

Crypto KOL Wazz (@WazzCrypto) bluntly stated on the X platform that Flow's rollback decision is one of the worst handling methods he has ever seen. In his view, the attacker had already transferred approximately $4 million in assets off-chain, and would hardly be materially affected by the rollback; instead, the real cost would be borne by innocent users who were using the network normally through cross-chain bridges.

Flow Official Changes Stance: Abandon Rollback and Adopt Isolation Recovery New Plan

In the face of strong opposition from partners and the community, Flow officials ultimately decided to abandon the network rollback and shift to an "isolation recovery plan." This plan was directly negotiated with cross-chain bridges, exchanges, and infrastructure partners, and its key points include:

• No rollback/reorganization, retaining all legitimate user activities;
• No need for partners to replay transactions;
• Over 99.9% of accounts unaffected, resuming normal operations upon restart;
• During the restart, temporarily restrict accounts from receiving illegally minted tokens;

Additionally, the network will recover in phases:

• Phase one: Cadence environment goes live, EVM temporarily restricted;
• Phase two: Cadence fix (approximately 24 to 48 hours);
• Phase three: EVM fix and restart;
• Phase four: Cross-chain bridges/exchanges resume access, with specific recovery times determined by the operators based on actual conditions after confirming stability.

Furthermore, the team behind Flow, Dapper Labs, expressed support for this plan on the X platform, stating "retain legitimate activities and provide a clear recovery path."

This "abandon rollback" attitude has temporarily alleviated the tense emotions within the ecosystem and avoided the systemic risk spread that a rollback could trigger. As of now, the network is still in the process of phased coordination and recovery, with officials stating that user funds remain secure.

In an environment of high uncertainty in the crypto market, this crisis may become an important watershed in Flow's development path, and its long-term impact remains to be seen.