Flow rollback plan draws backlash after $3.9M exploit

The Flow blockchain is under fire after proposing a rollback of around six hours of transactions following a $3.9 million exploit.

The Flow Foundation said the rollback would restore the network to a checkpoint before the attack occurred.

Onchain data shows the attacker had already bridged the stolen assets, escaping with the full $3.9 million.

The proposal sparked concern among ecosystem partners who said they received no prior communication.

deBridge co-founder Alex Smirnov said several partners were blindsided by the rollback decision.

The concern is not deBridge's balance sheet, but preventing cascading losses being pushed onto ecosystem partners, liquidity providers and users who had no involvement in the exploit.

Alex Smirnov said.

Smirnov said deBridge has no direct exposure due to its non-custodial, zero-TVL design.

He warned that a rollback could cause greater damage than the exploit itself by creating inconsistencies across integrated platforms.

Smirnov said deBridge urged Flow to form a coordinated war room with bridges, custodians, exchanges and security groups.

The Flow Foundation said it extended the coordination window to reduce the risk of service disruptions.

Resuming ingestion before all partners are synced could lead to data inconsistencies or service interruptions for users.

The Flow Foundation said.

The Foundation missed a promised update deadline before later saying it was reviewing partner feedback.

The exploit was confirmed on December 27 and involved a vulnerability in Flow’s execution layer.

Security expert Taylor Monahan said the attacker minted FLOW and other bridged tokens.

The FLOW token dropped more than 40% after the disclosure before stabilising near $0.11.

At the time of reporting, Flow price was $0.1064.