VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The Flow Foundation announced that an attacker exploited a vulnerability in the Flow execution layer, transferring approximately $3.9 million in assets off the network before validators were able to coordinate and halt operations. The incident did not affect existing user balances, and all user deposits remain intact. Attack method (per SlowMist): Execution Layer Vulnerability. Reported loss: $ 3,900,000.
Primary source
https://x.com/findlabs/status/2005021008156078274 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Flow
- bug_class
- infrastructure
- date_occurred
- 2025-12-27
- loss_usd
- $3,900,000
- source_id
- sm:flow::2025-12-27
Related — same bug class· infrastructure