$3.9 Million Stolen, Token Plummeted: Flow's Rollback Plan Triggers Eco War

By: blockbeats|2025/12/29 07:00:03

Original Title: "Hacker Attack Causes Flow to Halve in Value, Rollback Plan Triggers Ecosystem Civil War"

Original Author: Asher, Odaily Planet Daily

Last Saturday afternoon, a sudden hacker attack threw the Flow network into chaos. This Layer 1 network built by the Dapper Labs team, designed for the next generation of applications, games, and digital assets, witnessed $3.9 million in assets being moved off-chain as an exploit at the execution layer was leveraged. Following the attack, its token FLOW experienced a temporary 50% drop, plummeting from $0.173 to $0.079, with the price currently rebounding slightly to around $0.107.

.9 Million Stolen, Token Plummeted: Flow's Rollback Plan Triggers Eco War

FLOW Candlestick Chart

Below, Odaily Planet Daily will summarize the recent Flow hack, official response, and why it sparked strong doubts from Flow partners and the community.

Flow Official Emergency Response: Network Isolation and Announcement of Rollback Plan

Following the attack, the Flow Foundation promptly responded and confirmed the event details. The attacker exploited an execution layer vulnerability to transfer around $3.9 million in assets, with user balances unaffected by the incident, and user deposits remaining secure. The related attack addresses have been blacklisted, and the money laundering trail is actively being traced, with the Foundation having submitted asset freeze requests to Circle, Tether, and several major exchanges.

To clean up illicit on-chain transactions and fix the vulnerability, the Flow Foundation has isolated the network and released the Mainnet 28 version with a bug fix. The Foundation's initial response plan is to rollback the network state to a checkpoint before the attack occurred, specifically at Cadence block height 137363395, thereby erasing all transaction records generated in approximately 6 hours. Whether the transactions were legitimate or not, they will all be removed, and users will need to resubmit their transactions after node restart. The Foundation believes this plan is the safest path to restore network integrity, emphasizing repeatedly that user funds will not be affected throughout the process, while committing to updating the community on progress every two hours.

While this rollback decision may seem decisive, it quickly ignited an ecosystem powder keg—since the hacker's funds had already been bridged out of the chain, the rollback would have no impact on the attacker and would only affect honest users and partners.

Cross-Chain Bridge Partners and Community Strongly Oppose, Rollback Plan Under Fire

After the rollback plan was announced, cross-chain bridge partners within the Flow ecosystem and community users quickly faced collective scrutiny. Alex Smirnov, co-founder of Flow's main cross-chain bridge partner deBridge, publicly criticized the decision on X Platform, stating that it was too hasty and did not involve any communication with key bridge partners beforehand. As a crucial asset pathway in the Flow ecosystem, deBridge did not receive any advance notice regarding the rollback.

Smirnov pointed out that the potential damage caused by the rollback could far exceed the initial hack itself. Since cross-chain assets have been transacted across multiple systems, forcing a rollback would result in serious issues such as asset duplication and inconsistent custody statuses, ultimately harming the bridges, users, and counterparties operating normally within the timeframe. He revealed that around $200,000 and $50,000 in deposits are within the rollback timeframe on deBridge, and if the rollback is executed, it could lead to funds disappearing into thin air on one side or extreme cases of asset double-spending.

Due to the aforementioned risks, Smirnov called on Flow validators to pause block production and validation until all compensation plans, partner coordination mechanisms, and independent security team intervention plans are clearly outlined. Similar issues are not isolated incidents. As the main cross-chain custodian of USDC on the Flow network, LayerZero also faces cross-chain transaction risks of around $220,000 and $180,000 within the rollback window.

In addition to the cross-chain bridge partners within the Flow ecosystem, on X Platform, users have started expressing concerns about fund security in a concentrated manner, developers have questioned the network's reliability and governance mechanisms under extreme circumstances, and investor sentiment has shifted towards caution, exacerbating selling pressure. Many voices directly point out that the rollback itself has exposed the on-chain centralization control, turning the original technical glitch into a trust crisis.

Some community perspectives further target the core principles of blockchain. Some believe that the rollback directly undermines transaction finality and immutability, making Flow appear more like a centrally controlled consortium chain at a critical moment. Others compare this to historical security incidents on other blockchains, indicating that similar situations are usually handled by isolating the attacker's address or freezing fund flows rather than performing a global network rollback.

Crypto KOL Wazz (@WazzCrypto) bluntly stated on X Platform that Flow's rollback decision is one of the worst handling methods he has ever seen. In his view, the attacker had already moved around $4 million worth of assets off-chain, hardly affected by the rollback, while the innocent users who were utilizing the network normally through the cross-chain bridge are the ones truly bearing the consequences.

Flow Official Shifts Stance: Abandons Rollback, Adopts Isolation Recovery Plan

Facing strong opposition from partners and the community, the Flow team has ultimately decided to abandon the network rollback and pivot to an "isolation recovery plan." This plan was developed through direct negotiation with cross-chain bridges, exchanges, and infrastructure partners and includes the following key points:

· No rollback/reorg, preserving all legitimate user activity;

· No need for partners to replay transactions;

· Over 99.9% of accounts unaffected, ready to resume normal operations upon restart;

· Upon restart, temporarily restrict accounts receiving illicitly minted tokens;

Furthermore, the network will undergo a phased recovery:

· Phase one, Cadence environment goes live, with EVM temporarily restricted;

· Phase two, Cadence fix (approximately 24 to 48 hours);

· Phase three, EVM fix and restart;

· Phase four, cross-chain bridges/exchanges resume operations, with the specific recovery timing to be determined by the operators based on stability confirmation.

Additionally, the team behind Flow, Dapper Labs, has expressed support for this plan on Platform X, stating, "Preserve legitimate activity, provide a clear recovery path."

This "rollback abandonment" stance has alleviated short-term ecosystem tension and averted potential systemic risk propagation from a rollback. As of now, the network is still in a phased coordination and recovery process, with officials indicating that user funds remain secure.

In an environment of high crypto market uncertainty, this crisis may become a significant turning point in Flow's development path, with its long-term impact awaiting further validation by time.

Original Article Link

Looking at revenue alone (Note: Lighter's revenue has not been market-validated for a year like Hyperliquid), by simply annualizing based on the revenue of the past month, Lighter's annualized revenue could reach 250 million USD. This means that Lighter's Price-to-Sales ratio (market cap/revenue) multiple is only 2.5 times, far lower than Hyperliquid's 7.6 times, ridiculously cheap.

Take a closer look at a closer competitor, Aster. Aster's TVL is comparable to Lighter's, with an Open Interest (OI) of about one billion more than Lighter's. However, its FDV reaches up to 7 billion, with a circulating market cap of around 2 billion. In contrast, Lighter's trading price is only one-third of Aster's.

Ask yourself: Even considering Aster's Binance/CZ halo, is Lighter's price at only one-third of Aster's reasonable? In my opinion, based on the current valuation, Lighter is severely undervalued fundamentally.

Looking at the fundamentals, you will find that only two tokens can sustain a high revenue multiple in the long run: Hyperliquid and DYDX. Why? The former has the most transparent buyback mechanism, while the latter has stood the test of time in this industry. Unlike other listed Perp Dexes, Lighter does not have a top-tier influencer like CZ or liquidity support from Coinbase to artificially pump, nor does it face the dilemma of "lack of real users" like other competitors.

Additionally, it is important to note that the over-the-counter market (SOTC) usually carries a discount because buyers bear default risks (if the opening price is twice as high as the OTC transaction price, sellers have an incentive to default), which causes people not to offer high prices in OTC but to wait and see the actual listing performance.

I choose to annualize based on the revenue of the last month for a reason: in the crypto world, everyone only has a 7-second memory, and no one has the ability to see clearly or trade for the future a year later. Therefore, only the immediate revenue of the last month is the most important indicator.

Funds Flow

The reason why Hyperliquid was able to break out on an independent trend is that many early LPs did not believe in its model. This led to those sharp-sighted retail investors sweeping all the chips and then selling to the belated buyers at a high price.

In conversations with a large number of VCs over the past few months, I have noticed a phenomenon: except for Paradigm, almost everyone missed out on Hyperliquid. This means that every VC with a liquidity fund (the vast majority of them do) will try to catch the next $HYPE.

Who is the next Hyperliquid? It's quite simple; just do a "pattern matching" between Lighter's storyline and Hyperliquid, and you'll find it's Lighter.

Looking at the token distribution, you will find: the large holders of Hyperliquid have also become the large holders and deep users of Lighter. The secret to wealth for this group of people is simple: Hold

errorToken Buyback

Passive spot buying is the only thing that can support the coin price. BTC has MicroStrategy's Saylor, ETH has Tom Lee, but for altcoins, the market only recognizes income buybacks. If you want to keep the price firm, you need passive buying in the form of buybacks. Hyperliquid understands this well.

Lighter is essentially a replica of Hyperliquid. Founder Vlad has made it clear that they will conduct buybacks. While you can't expect them to buy back 97% of the tokens, buying back 30% or 50% is reasonable. As long as there is an eight-figure (tens of millions) passive buy, this is attractive enough.

Note: In their $68 million financing (mainly for the insurance fund), the team has allocated some funds for token buybacks at TGE. This is similar to the early Hyperliquid's $75 million spot buy.

Deep Integration with Robinhood

Vlad Tenev (Robinhood's Vlad1) previously interned at Addepar for Vlad (Vlad2) from Lighter, and that's how they met. Robinhood is an investor in Lighter, and Vlad1 is also an advisor to Lighter.

There have been numerous rumors in the industry about using Lighter on Robinhood's chain. Lighter's goal is composability and will be integrated into Ethereum L1, ultimately achieving collateralized LLP token lending. This composability aligns with Robinhood's vision of "tokenizing everything" and putting everything on-chain.

While this is speculation, I support the argument that Robinhood will acquire a significant stake in Lighter (whether through tokens or equity). Given the similarity of their Payment for Order Flow (PFOF) models, I speculate that once Robinhood holds Lighter shares, it will redirect a significant portion of its traffic to Lighter. This will further strengthen this narrative.

RWA Trading

Although not limited to Lighter, RWA contract trading has proven to be a key early product-market fit. Data shows that Lighter's daily trading volume for all RWA products is $517 million, with an open interest (OI) of $271 million. Compared to Hyperliquid, Lighter is quickly catching up and even surpassing.

One key distinction is that Lighter's RWA service is not provided by a third party in the ecosystem, but rather self-operated. This makes coordination and onboarding of new assets smoother and faster. Additionally, Lighter's majority of trading volume comes from its FX contract, while Hyperliquid is mainly index contracts (80%). Ultimately, this will evolve into a pure competition of liquidity and order book depth to vie for users.

Hyperliquid's First True Competitor

The derivative market is growing rapidly, and despite a loyal fan base on Twitter shouting "Hyperliquid is the only one," the market is large enough to accommodate multiple top players. Robinhood has also opened up futures trading, as futures have a strong foothold in the crypto space and are indeed a superior trading method compared to options.

Solving the full collateral issue is the most critical challenge that Hyperliquid has outsourced to Flood and Fullstack Trade. To my knowledge, Flood is at least 6 months away from solving this problem. Lighter's larger team is more likely to tackle this challenge. Yes, Hyperliquid has a first-mover advantage, but if Lighter can swiftly integrate this feature, they may well take a slice of their cake.

Privacy

While Hyperliquid has built a cult-like community culture, its architecture has a fatal flaw for whales: complete transparency.

On Hyperliquid, leaderboards and on-chain data broadcast every large position, entry price, and liquidation point to the world. This turns trading into a PvP arena where predatory players like me can specifically hunt whales' liquidation orders and front-run large funds. Leveraging liquidation data to predict short-term tops and bottoms is traceable, and I know many traders continue to profit through this strategy.

Lighter positions itself as the antidote to this risk. By obfuscating trading flows and shielding position data, its operation is more akin to an on-chain dark pool rather than a standard DEX. For "smart money" and large funds, anonymity is not just a feature—it is a necessity. If you have a significant amount of funds, you absolutely cannot trade in a place that directly exposes your hand and liquidation point to the counterparty. As DeFi matures, venues that can protect user alpha will inevitably attract the largest flows of funds.