Flow Details December Exploit that Led to $3.9M in Counterfeit Token Losses


The Flow Foundation on Tuesday published a technical post-mortem detailing a protocol-level exploit that occurred on Dec. 27, when an attacker was able to counterfeit tokens on the network, leading to about $3.9 million in confirmed losses before the exploit was contained.

According to the report, the attacker exploited a flaw in Flow’s Cadence runtime that allowed certain assets to be duplicated rather than minted, bypassing supply controls without accessing or draining existing user balances. Validators coordinated a network halt within six hours of the first malicious transaction, while exchange partners froze most counterfeit assets before they could be sold.

Flow said the temporary halt placed the network into a read-only mode to sever exit paths and prevent further duplication while the issue was investigated. Operations resumed two days later under an “isolated recovery” plan that preserved legitimate transaction history and authorized the recovery and permanent destruction of counterfeit assets through a governance-approved process.

Source: Flow Blockchain

The Flow Foundation, which supports the Flow network, said no existing user balances were compromised, as the exploit duplicated assets rather than removing funds from accounts. A limited number of accounts that interacted with counterfeit tokens were temporarily restricted as a precaution, while more than 99% of accounts retained full access during and after the recovery.

While the attacker generated a large amount of counterfeit tokens onchain, Flow said the vast majority were contained or frozen before liquidation.

The Foundation said it has since patched the underlying vulnerability, added stricter runtime checks and expanded regression testing to prevent similar exploits. It is also working with forensic partners and law enforcement and plans to strengthen monitoring and bug-bounty programs as part of broader security hardening.

Flow’s post-NFT downturn

Dapper Labs, the creators of the non-fungible token project CryptoKitties, announced the development of Flow in September 2019 as a new layer 1 blockchain designed to address scalability challenges facing consumer applications such as games and digital collectibles.

Early success with NBA Top Shot, an NFT platform for trading officially licensed NBA video highlights, helped bring mainstream attention to the Flow blockchain in 2020 and 2021. Against this backdrop, the network’s FLOW token surged past $40 in 2021, according to data from CoinGecko.

Flow’s momentum carried into 2022, when the project raised about $725 million from investors, including Andreessen Horowitz (a16z) and Union Square Ventures, to support ecosystem development.

As activity across the NFT market cooled in the years that followed, the FLOW token also lost momentum and has since fallen outside the top 300 cryptocurrencies by market capitalization.

The decline accelerated following the Dec. 27 hack, when FLOW plunged by around 40% over 5 hours.

The token later slid to a low of $0.075 on Jan. 2 before beginning to recover. It was trading near $0.10 at the time of writing, up about 16% over the past 24 hours, according to Cointelegraph data.

Source: CoinGecko
