The Flow Blockchain Suffered a Security Exploit Resulting in $3.9M Losses

The Flow blockchain suffered a security exploit in its execution layer that allowed an attacker to mint unauthorized tokens, including FLOW, wrapped BTC, ETH, and stablecoins, and drain approximately $3.9 million in assets.

The funds were primarily bridged out via protocols such as Celer, deBridge, Relay, and Stargate before validators coordinated a network halt to prevent further losses. Validators paused the chain and initially proposed a rollback to a pre-exploit checkpoint, which would have erased several hours of transactions.

This plan drew sharp criticism from ecosystem partners, including bridge operators such as deBridge founder Alex Smirnov, who argued it was rushed and poorly coordinated and could cause greater harm, such as doubled balances for some users or unbacked assets on bridges, while undermining blockchain immutability and decentralization principles.


Revised Plan After Backlash

Following intense community and partner backlash, the Flow Foundation scrapped the rollback on December 29. Instead, it adopted an "isolated recovery plan":

- Restart from the last sealed block before the halt, preserving legitimate transaction history.
- Temporarily restrict accounts that received fraudulent tokens. Use independent forensics to verify illicit assets, then burn them on-chain via a validator-approved software upgrade.
- Phased restoration: the non-EVM (Cadence) environment relaunches first, with the EVM initially in read-only mode; over 99.9% of accounts are unaffected.

The network has entered Phase 1 of recovery, with validators deploying fixes and coordination ongoing. The incident triggered a sharp sell-off, with the $FLOW token dropping over 40% from about $0.17 to as low as $0.09–$0.10, reflecting eroded confidence. Total value locked (TVL) briefly dipped but partially recovered.

This event highlights an ongoing tension in blockchain governance: balancing rapid crisis response against decentralization and immutability. While the revised approach avoids rewriting history, recovery of the stolen funds remains uncertain and depends on off-chain cooperation.

In Phase 1, the Cadence (non-EVM) environment is fully operational, with over 99.9% of accounts restored to normal functionality. The EVM layer remains in read-only mode, and a small number of accounts linked to fraudulent tokens are temporarily restricted.

Phase 2, remediation via token burns, is ongoing and expected to take 24–48 hours, to be followed by full EVM restoration and the resumption of bridges. This phased approach minimizes disruption for most users. The token has partially recovered but remains volatile and significantly down, reflecting an immediate loss of confidence. TVL dipped about 31% before a partial rebound.

The roughly $3.9M in stolen assets was bridged out mostly to Ethereum and Bitcoin and laundered via protocols such as THORChain and Chainflip. Recovery is uncertain: freeze requests were sent to issuers and exchanges, but much of the value has already moved beyond Flow's reach.

The initial rollback proposal triggered backlash from bridge operators such as deBridge and from the community, who accused the team of poor coordination and of putting decentralization at risk. Scrapping it in favor of the "isolated recovery" approach, targeted restrictions plus burns via a validator-approved upgrade, preserved immutability and was praised by some analysts as a balanced response.

However, temporary admin-like powers such as freezing accounts and burning tokens have drawn criticism for undermining decentralization principles, even if they are revocable and opt-in. Bridges, DEXs, and apps such as NBA Top Shot faced temporary disruptions, with users reporting issues.

Better coordination in future crises could strengthen partnerships, but perceived centralization risks may deter developers or users seeking "pure" decentralization. The exploit exposed a vulnerability in the execution layer, likely related to minting or proxy issues, though the exact root cause has not been published. A full post-mortem is promised within days.

This may lead to audits, bug bounties, and upgrades, but repeated incidents could slow growth in consumer-focused apps. The incident underlines the tension in blockchain crisis management between rapid action and immutability and decentralization.

Flow's pivot in response to community feedback sets a positive example for responsive governance but raises questions about validator power in emergencies. Flow, built by Dapper Labs for consumer, NFT, and DeFi scale, has struggled since the 2021 hype. Amid 2025's $3B+ wave of hacks, this could make it harder to attract TVL and institutional interest if confidence remains low.

Conversely, a resilient recovery could demonstrate maturity. The incident reinforces 2025 trends of rising exploits, bridge risks, and debates over rollbacks that echo past Ethereum discussions. It may push regulators toward stricter accountability and networks toward proactive forensics and coordination tools.

While user funds were largely protected and the revised plan avoided worse outcomes, the event erodes short-term trust. Full recovery depends on transparent remediation, post-mortem insights, and sustained ecosystem activity. Flow's consumer focus gives it resilience potential, but rebuilding momentum will be key.
