The Flow Foundation has confirmed a security incident on the Flow blockchain after an attacker exploited a vulnerability in the network’s execution layer. The exploit occurred on December 27 and allowed the attacker to move roughly $3.9 million in assets off-network before validators executed a coordinated halt.
The Foundation stated early on that the issue was contained quickly and that engineers were working with validators and ecosystem partners to mitigate the damage and prepare a safe recovery.
Read also: From a Zip File to Catastrophe: Radiant’s $50M Hack Explained
What Went Wrong
According to Flow and forensic partner Find Labs, the attacker abused a flaw in execution-layer logic rather than compromising individual wallets. This distinction is critical, as it meant existing user balances were never accessed.
Before the network was halted, the attacker routed funds primarily through cross-chain bridges, moving assets to Ethereum and then attempting to launder them through various protocols. Once suspicious activity was identified, validators paused the network to prevent any further exits.
Read also: Is Pippin Safe? On-Chain Data Raises Key Questions
Network Halt and Rollback
To fully contain the incident, Flow validators agreed to restore the network to a checkpoint prior to the exploit. This rollback removes all unauthorized transactions from the ledger and ensures the chain returns to a known safe state.
As a result, any legitimate transactions submitted between roughly 11:25 PM PST on December 26 and the network halt at 5:30 AM PST on December 27 will need to be resubmitted once full operations resume. The Foundation acknowledged the inconvenience but described the rollback as necessary to protect network integrity.
Read also: Is Aster Safe? Growth Continues, But Critics Raise Questions
Current Network Status
Following validator consensus, a protocol fix labeled Mainnet 28 was deployed. The network is now online in a limited, read-only mode, producing blocks but not accepting new transactions.
Flow is currently in a coordination phase with key ecosystem partners such as bridges, centralized exchanges, and decentralized applications. This synchronization step is meant to prevent balance mismatches or transaction failures once ingestion is re-enabled.
User funds remain safe. Balances held prior to the exploit window were not affected, and the vulnerability did not expose private keys or user wallets. The Foundation described the amount lost as manageable and not a threat to network solvency, with containment completed shortly after the exploit was detected.
Read also: How to recognize a crypto presale scam? Full guide
Market Reaction
Despite assurances around user safety, the market reaction was sharp. FLOW’s price dropped over 50% following confirmation of the exploit, and trading volume spiked as uncertainty spread.
Several exchanges temporarily suspended deposits and withdrawals as a precautionary measure, while monitoring groups placed FLOW on alert lists.
Read also: Trust Wallet Browser Extension Compromised in $7 Million Security Incident
What Comes Next
Flow’s security teams and forensic partners continue to monitor the attacker’s activity and work with exchanges and law enforcement. Additional freeze actions may follow if new fund movements are identified.
A full technical post-mortem is expected within 72 hours. Until then, the Foundation has urged users and developers to rely only on verified updates shared through official channels, with further status reports promised as the network moves toward a full restart.
