The Circulate Basis on Tuesday revealed a technical autopsy detailing a protocol-level exploit that occurred on Dec. 27, when an attacker was in a position to counterfeit tokens on the community, leading to about $3.9 million in confirmed losses earlier than the exploit was contained.
Based on the report, the attacker exploited a flaw in Circulate’s Cadence runtime that allowed sure property to be duplicated moderately than minted, bypassing provide controls with out accessing or draining current consumer balances. Validators coordinated a community halt inside six hours of the primary malicious transaction, whereas alternate companions froze most counterfeit property earlier than they might be bought.
Circulate mentioned the short-term halt positioned the community right into a read-only mode to sever exit paths and stop additional duplication whereas the difficulty was investigated. Operations resumed two days later beneath an “remoted restoration” plan that preserved authentic transaction historical past and approved the restoration and everlasting destruction of counterfeit property by means of a governance-approved course of.
The Circulate Basis, which helps the Circulate community, mentioned no current consumer balances have been compromised, because the exploit duplicated property moderately than eradicating funds from accounts. A restricted variety of accounts that interacted with counterfeit tokens have been briefly restricted as a precaution, whereas greater than 99% of accounts retained full entry throughout and after the restoration.
Whereas the attacker generated a big quantity of counterfeit tokens onchain, Circulate mentioned the overwhelming majority have been contained or frozen earlier than liquidation.
The Basis mentioned it has since patched the underlying vulnerability, added stricter runtime checks and expanded regression testing to stop comparable exploits. It is also working with forensic companions and legislation enforcement and plans to strengthen monitoring and bug-bounty applications as a part of broader safety hardening.
Associated: NFTs shifted to utility and tradition as value light in 2025
Circulate’s post-NFT downturn
Dapper Labs, the creators of the non-fungible token mission CryptoKitties, introduced the event of Circulate in September 2019 as a brand new layer 1 blockchain designed to handle scalability challenges dealing with client functions reminiscent of video games and digital collectibles.
Early success with NBA Prime Shot, an NFT platform for buying and selling formally licensed NBA video highlights, helped carry mainstream consideration to the Circulate blockchain in 2020 and 2021. In opposition to this backdrop, the community’s FLOW token surged previous $40 in 2021, in line with knowledge from CoinGecko.
Circulate’s momentum carried into 2022, the place the mission raised about $725 million from buyers, together with Andreessen Horowitz (a16z) and Union Sq. Ventures, to assist ecosystem growth.
As exercise throughout the NFT market cooled within the years that adopted, the FLOW token additionally misplaced momentum and has since fallen outdoors the highest 300 cryptocurrencies by market capitalization.
The decline accelerated following the Dec. 27 hack, when FLOW plunged by round 40% over 5 hours.
The token later slid to a low of $0.075 on Jan. 2 earlier than starting to recuperate. It was buying and selling close to $0.10 on the time of writing, up about 16% over the previous 24 hours, in line with Cointelegraph knowledge.
Journal: Massive questions: Would Bitcoin survive a 10-year energy outage?
