Zach Anderson
Mar 06, 2026 08:52
Stream Community resolves December 2025 exploit that created counterfeit tokens and brought about $3.9M in losses. FLOW token rebounds 16% as protocol deploys repair.
Stream Community has formally resolved the December 2025 safety incident that allowed an attacker to create counterfeit tokens, leading to roughly $3.9 million in confirmed losses throughout the ecosystem.
The FLOW token has rebounded sharply, buying and selling at $0.10 with a 16% achieve over 24 hours as of January 6, 2026. The restoration follows a brutal 40% crash that pushed costs to $0.075 in early January after the exploit grew to become public.
What Truly Occurred
On December 27, 2025, an attacker found a flaw in Stream’s Cadence runtime—the sensible contract execution layer—that allowed token duplication moderately than correct minting. This bypassed the community’s provide controls fully.
The stolen funds moved shortly off-network by a number of cross-chain bridges together with Celer, Debridge, Relay, and Stargate. Binance froze hacker-linked funds shortly after the exploit, limiting a few of the injury.
Here is what issues for holders: the Stream Basis confirmed that no present person account balances have been compromised. The attacker created counterfeit property from nothing moderately than draining professional wallets.
The Response Timeline
Validators coordinated a community halt inside six hours of detecting malicious exercise, placing Stream into read-only mode. That is quicker than most Layer-1 responses to comparable incidents, although the two-day downtime nonetheless brought about issues.
NFT lending platforms felt the ache significantly arduous—mortgage settlements could not course of throughout the freeze, creating liquidation dangers for some customers.
Operations resumed after validators executed a governance-approved course of to completely destroy the counterfeit property and deploy Mainnet 28, the protocol repair addressing the Cadence vulnerability.
Market Influence
FLOW’s present market cap sits at $142.64 million, nonetheless effectively beneath pre-exploit ranges. The token’s restoration trajectory will rely closely on whether or not any further vulnerabilities floor throughout autopsy audits.
The incident provides Stream to a rising record of protocols hit by runtime-level exploits in late 2025, elevating broader questions on Cadence safety versus extra battle-tested sensible contract languages.
For merchants watching the FLOW restoration, the subsequent catalyst is probably going the discharge of a full technical autopsy, anticipated within the coming weeks based on Stream Basis communications.
Picture supply: Shutterstock
