Flow $3.9M Cadence exploit: 1.09B fake FLOW, 484M returned and destroyed; recovery underway

Flow disclosed a December 26–27 exploit that produced about $3.9M in counterfeit FLOW by exploiting a type‑confusion bug in the Cadence runtime. The attacker deployed ~40 malicious Cadence contracts starting at block 137,363,398 and began creating fake FLOW minutes later. Validators coordinated a network pause within six hours (block 137,390,190) to stop further minting.

The attacker deposited roughly 1.094 billion fake FLOW to centralized exchanges; Gate.io, MEXC and OKX returned and destroyed 484,434,923 FLOW. Flow reports that 98.7% of the remaining counterfeit supply has been isolated on‑chain and is being destroyed; full remediation and exchange coordination are expected within 30 days. No existing user balances were accessed, and total legitimate supply was not altered, because the exploit duplicated assets rather than removing real balances. After consulting infrastructure partners, Flow chose an isolated recovery (restart from the last sealed block) rather than a full rollback.

Immediate market reaction included a sharp drop in FLOW price as counterfeit tokens were liquidated; exchange controls and token destruction may limit long‑term circulating supply impact. Traders should expect short‑term sell pressure and heightened volatility for FLOW while audits, patches and exchange reconciliations are completed, and should monitor on‑chain proofs of destruction, exchange statements and Flow/Cadence security fixes for signals of confidence restoration.
Bearish
Short term: Bearish. The exploit created over 1 billion counterfeit FLOW and led to immediate liquidations on exchanges, causing sharp sell pressure and a rapid price drop. Even though a large portion (484M) was returned and destroyed and 98.7% of remaining fake tokens are reported isolated, the rapid influx and subsequent exchange handling increase short‑term supply volatility and investor risk aversion. Traders face heightened downside risk until on‑chain destruction proofs and exchange reconciliations are fully verified.

Medium/long term: Mixed to neutral-bearish. If Flow completes transparent token destruction, patches Cadence, and publishes thorough audits, confidence could gradually recover and supply impact may be limited, reducing long‑term negative pressure. However, the incident raises structural security concerns about Cadence runtime safety; prolonged scrutiny, slower developer adoption, or reputational damage could weigh on FLOW’s demand over months.

Overall impact: primarily short‑term bearish for FLOW with potential partial recovery contingent on transparent remediation and regained market confidence.