• A protocol exploit within the Circulation blockchain’s Cadence runtime on December 27 allowed an attacker to create $3.9 million in counterfeit tokens.
  • Community validators halted the chain inside six hours and froze most fraudulent belongings on exchanges earlier than they may very well be liquidated.
  • Circulation has patched the vulnerability and destroyed the counterfeit tokens through a governance-approved restoration plan, with 99% of accounts remaining unaffected.

The Flow blockchain contained a Dec. 27 protocol exploit that permit an attacker create counterfeit tokens by abusing a flaw within the community’s Cadence runtime, resulting in about US$3.9 million (AU$5.9 million) in confirmed losses earlier than the incident was stopped, the Circulation Basis stated Tuesday in a technical autopsy.

The Basis said the attacker didn’t break into wallets or drain present balances. As an alternative, the bug allowed some belongings to be duplicated in a manner that bypassed regular provide controls, successfully creating further tokens that ought to not have existed. 

The danger was that counterfeit tokens may very well be bought into actual markets earlier than being detected.

Learn extra: Surviving 2026: Aussie Analysts on How to Filter Financial Noise and Master the Final Cycle

How the Circulation Incident Went Down

Crypto Information Australia reported final week that Circulation began rebuilding its community after the group realized an exploit on Saturday. It began with suspicious alternate exercise tied to a big FLOW token deposit and fast withdrawals.

Circulation stated validators coordinated a halt inside six hours of the primary malicious transaction and switched the community right into a read-only mode to dam “exit paths” whereas the group investigated. The Basis stated alternate companions additionally froze many of the counterfeit belongings earlier than they may very well be liquidated. 

Two days later, Circulation restarted beneath an “remoted restoration” plan designed to maintain legitimate transaction historical past intact whereas enabling a governance-approved course of to recuperate and completely destroy the counterfeit tokens.

Most accounts weren’t affected operationally. Circulation stated greater than 99% of accounts retained full entry throughout and after restoration, whereas a small variety of accounts that interacted with the counterfeit tokens have been briefly restricted as a precaution.

The Basis stated it has patched the vulnerability, added stricter runtime checks, and expanded regression testing. It additionally stated it’s working with forensic companions and regulation enforcement, and plans to strengthen monitoring and bug-bounty packages as a part of broader safety hardening.

The circulate token is down 53% since its launch in early December, at present buying and selling at US$0.1012 (AU$0.15), as per CoinGecko information.

Associated: Analysts Say Bitcoin Finds Its Footing as 2026 Opens, Eyes Turn to ETF Flow

The publish Flow Details $3.9M Token Duplication Exploit, Network Halted Within Hours appeared first on Crypto News Australia.