A certain exchange's tactics in the Flow security incident: absorbing hacker tokens and transferring the risk to users
Flow Foundation issued a statement on January 1st, revealing an unsettling detail: after the security incident on December 27th, a certain exchange exhibited obvious abnormal trading behavior. Not only did this exchange fail to intervene promptly, but it also transferred the risk to completely innocent users through a series of operations. This is not a technical issue but a compliance problem.
The “Tactics” of the Exchange: How Hackers’ Tokens Are Absorbed
According to forensic analysis by Flow Foundation, shortly after the incident, the following anomalies appeared on a certain exchange:
Abnormal fund flows
A single account deposited approximately 150 million FLOW tokens on this exchange. How outrageous is this number? It accounts for 10% of the total FLOW supply. Subsequently, this account exchanged a significant portion of these tokens for BTC and withdrew over $5 million within a few hours before the network interruption.
What does this series of operations indicate? It suggests that these funds are very likely from hackers, and the exchange took no effective risk control measures throughout the process.
AML/KYC processes are a sham
Flow Foundation pointed out that this incident exposed serious flaws in the exchange’s AML/KYC procedures. It’s important to note that AML (Anti-Money Laundering) and KYC (Know Your Customer) are fundamental compliance requirements for global financial institutions, aimed at preventing illegal fund inflows.
A single account suddenly depositing tokens worth 10% of the total supply should trigger immediate alerts in any exchange’s risk control system. But this exchange did not.
Users Become the Final Victims
What’s even more infuriating is that the exchange not only failed to stop this abnormal transaction but also shifted the risk onto innocent users.
Risk transfer mechanism
When hackers sell large amounts of FLOW tokens on the exchange, the market is flooded with these “fraudulent tokens.” Unaware users buy these tokens during normal trading, effectively paying for the exchange’s negligence. The risks faced by these users include:
The exchange’s silence
Worse still, Flow Foundation pointed out that forensic analysis found significant trading anomalies in the FLOW market before and after the incident that deviated from normal trading patterns. The foundation’s requests for clarification through operational channels regarding these trading patterns went unanswered.
In other words, this exchange not only neglected its duties but also avoided responsibility.
Market’s Genuine Reaction
The market’s panic can be seen from FLOW’s price performance. According to the latest data, FLOW has dropped 50.04% in the past 7 days and 60.46% over the past 30 days. The current price has fallen to $0.085735. This is not just a technical issue; it’s a collapse of trust in the exchange.
Industry Lessons
This incident reveals several deep-rooted issues:
Summary
The security incident involving Flow exposed not only technical vulnerabilities but also significant gaps in compliance management at certain exchanges. An exchange, through negligent AML/KYC processes, allowed hacker funds to pass smoothly, then ignored abnormal transactions, and finally shifted all risks onto ordinary users. Such practices violate the fundamental responsibilities of an exchange and severely damage the trust foundation of the entire industry.
The key moving forward is whether Flow Foundation can leverage forensic findings to push regulatory authorities to take action, and whether users can receive the compensation they deserve. This time, exchanges need to show genuine sincerity.