Flow suffers a $3.9 million loss due to hacking attack: crisis or turning point?
On December 27, attackers exploited a vulnerability in the Flow execution layer to move approximately $3.9 million worth of assets off the network before the validators' coordinated execution halt was confirmed. The Flow Foundation quickly confirmed that this attack did not affect the balances of existing users, and all user deposits remain intact and secure.
Following the incident, the price of the Flow token experienced intense volatility in a short period. According to market data, the price of FLOW plummeted from about $0.173 before the event to $0.079, a decline of over 50%. As of December 29, the price slightly rebounded to around $0.103.
01 Full Event Overview
On December 27, 2025, the Flow network was subjected to a carefully planned security attack. The attacker exploited a technical vulnerability in the blockchain execution layer, successfully transferring assets worth about $3.9 million off-chain.
After the incident, the Flow Foundation responded swiftly, publicly confirming the attack details. The foundation emphasized that this attack targeted a protocol layer vulnerability, not user accounts, and therefore all user deposits and balances remain safe and unaffected.
According to tracking by blockchain security firms, the stolen funds mainly exited the network via mainstream cross-chain bridges such as Celer, deBridge, Relay, and Stargate. The attacker’s wallet addresses have been identified and flagged, and their money laundering activities through Thorchain and Chainflip are being tracked in real time.
02 Emergency Response
Faced with this sudden security incident, the Flow Foundation quickly activated its emergency mechanisms. The foundation first isolated the network and released Mainnet 28, a mainnet version that fixes the vulnerability.
The initial response plan was to perform a full network rollback—reverting the network state to a checkpoint before the attack, specifically to Cadence block height 137363395. If implemented, this would delete all transaction records generated within approximately six hours, regardless of their legality.
This decision triggered strong reactions from ecosystem partners. Alex Smirnov, co-founder of deBridge, a major cross-chain bridge partner, publicly criticized the decision as too hasty and said there was insufficient prior communication with key bridging partners.
03 Community Pushback and Plan Adjustment
Following the rollback announcement, intense controversy erupted within the Flow ecosystem. deBridge pointed out that about $200,000 and $50,000 in deposits fell within the rollback window, and executing a rollback could lead to funds vanishing or assets being duplicated.
LayerZero, the main cross-chain custodian for USDC on the Flow network, also had cross-chain transactions of approximately $220,000 and $180,000 at risk within the rollback window.
On social media platforms like X, users and developers expressed concerns about fund security, questioning the network’s reliability and governance under extreme circumstances. Some community members sharply pointed out that a rollback directly undermines the core blockchain principles of transaction finality and immutability.
Under significant pressure from partners and the community, the Flow Foundation ultimately decided to abandon the network rollback plan and shift to a more refined “Isolation Recovery Plan.”
04 New Recovery Plan Details
After direct negotiations with cross-chain bridges, exchanges, and infrastructure partners, the Flow Foundation proposed a revised recovery plan on December 29. The core feature of this plan is that it does not require a network rollback or reorganization, nor does it ask partners to replay transactions.
According to the new plan, over 99.9% of accounts will remain unaffected and can operate normally after the network restarts. Only accounts that received fraudulent minted tokens will face temporary restrictions.
The recovery plan will be implemented in four phases: first, restoring the Cadence environment with the EVM set to read-only mode; second, fixing the Cadence environment, estimated to take 24 to 48 hours; third, repairing and re-enabling the EVM environment; and finally, cross-chain bridges and exchanges will resume operations after verifying network stability.
05 Market Reaction and Price Fluctuations
The security incident had a significant impact on the FLOW token price. Market data shows that after the attack, the price of FLOW dropped sharply from $0.173 to $0.079 in a short period, a decline of over 50%, with market capitalization shrinking substantially.
As of December 29, with the announcement of the new isolation recovery plan and market sentiment gradually stabilizing, the FLOW price rebounded slightly to around $0.103. This level still lags considerably behind pre-attack levels, reflecting ongoing investor concerns about the event’s impact.
On major trading platforms like Gate, trading activity for FLOW increased markedly after the incident, indicating high market attention. Investors are closely monitoring the network’s recovery progress and the implementation of the new plan to assess its long-term investment value.
06 Industry Comparison and Lessons Learned
This Flow security incident provides a valuable crisis management case for the entire blockchain industry. Unlike previous public chain attacks, where responses were often centralized, the initial choice of a rollback by the Flow Foundation triggered rare public controversy within the ecosystem.
Notably, the opposition from the community and partners ultimately prompted the foundation to change its recovery strategy, demonstrating the power of decentralized governance in practical operation. In contrast, some blockchain projects tend to adopt more centralized decision-making in similar situations.
Technically, this incident highlights the importance of security at the execution layer. Although the Flow Foundation stated that user funds were unaffected, the protocol layer vulnerability that caused the asset loss shook market confidence and had a tangible impact on the token price.
Blockchain security firms are conducting in-depth analyses of this attack and are expected to release a comprehensive technical report within 72 hours. This report may reveal the specific mechanism of the vulnerability and provide important security references for the industry.
Future Outlook
As of December 29, the recovery work on the Flow network is progressing as planned. The Cadence environment has been restored and is online, while the EVM remains in read-only mode. Network validators have reached consensus on the Mainnet 28 fix.
With the gradual completion of repairs, over 99.9% of user accounts will regain normal access. Only addresses that directly received fraudulent tokens will face temporary restrictions until independent blockchain forensic companies verify and transparently destroy these illegal tokens.
On the Gate platform, the trading price of FLOW has rebounded from its lowest point and is currently hovering around $0.10. The market is awaiting full network recovery and the release of subsequent security audit results, which will determine the next direction for FLOW’s price.