On December 27, attackers exploited a vulnerability in the Flow execution layer, transferring approximately $3.9 million worth of assets off the network before validators could coordinate a network halt. The Flow Foundation quickly confirmed that this attack did not impact existing user balances—all user deposits remained fully intact.
Following the incident, the price of the Flow token experienced extreme volatility. According to market data, the FLOW price plunged from around $0.173 before the event to $0.079, a drop of over 50%. As of December 29, the price had slightly rebounded to about $0.103.
01 Incident Overview
On December 27, 2025, the Flow network suffered a highly coordinated security attack. Exploiting a technical vulnerability in the blockchain’s execution layer, the attackers managed to siphon off assets valued at roughly $3.9 million.
In response, the Flow Foundation acted swiftly and publicly disclosed the attack details. The Foundation emphasized that this incident targeted a protocol-level vulnerability, not user accounts, so all user deposits and balances remained safe and unaffected.
Blockchain security firms tracking the incident found that the stolen funds were mainly moved off-network via major cross-chain bridges such as Celer, Debridge, Relay, and Stargate. The attacker’s wallet address has been identified and flagged, and their laundering activities through Thorchain and Chainflip are under real-time surveillance.
02 Emergency Response
In the face of this sudden security breach, the Flow Foundation immediately activated its emergency protocols. The team first isolated the network and released a patched mainnet version, Mainnet 28.
The initial response plan called for a full network rollback—reverting the network state to a checkpoint before the attack at Cadence block height 137363395. If implemented, this would erase all transaction records generated within roughly six hours, regardless of their legitimacy.
This decision quickly sparked strong reactions from ecosystem partners. Alex Smirnov, co-founder of major cross-chain bridge partner deBridge, publicly criticized the move as hasty and said there had been insufficient communication with key bridging partners beforehand.
03 Community Backlash and Plan Adjustment
The rollback proposal immediately triggered heated debate within the Flow ecosystem. deBridge pointed out that about $200,000 and $50,000 in deposits fell within the rollback window. Executing the rollback could result in funds vanishing or assets being double-minted, creating extreme scenarios.
LayerZero, the primary cross-chain custodian for USDC on Flow, also faced cross-chain transaction risks of about $220,000 and $180,000 within the rollback window.
On platforms like X, users and developers voiced concerns over fund safety, questioning the network’s reliability and governance during extreme events. Some community members sharply noted that the rollback directly undermined the finality and immutability of transactions, which are core blockchain principles.
Facing intense pressure from partners and the community, the Flow Foundation ultimately abandoned the network rollback plan and shifted to a more targeted "isolated recovery plan."
04 Analysis of the New Recovery Plan
After direct consultations with cross-chain bridges, exchanges, and infrastructure partners, the Flow Foundation unveiled a revised recovery plan on December 29. The core feature of this plan is that no network rollback or reorganization is required, nor will partners need to replay transactions.
Under the new plan, more than 99.9% of accounts will remain unaffected and can resume normal operations once the network restarts. Only accounts that received fraudulently minted tokens will face temporary restrictions.
The recovery will proceed in four stages: first, restoring the Cadence environment with the EVM set to read-only; then, repairing the Cadence environment, expected to take 24 to 48 hours; next, fixing and re-enabling the EVM environment; and finally, cross-chain bridges and exchanges will resume operations once network stability is confirmed.
05 Market Reaction and Price Volatility
The security incident had a significant impact on the price of FLOW tokens. Market data shows that after the attack, FLOW’s price plunged from $0.173 to $0.079 in a short period—a drop of over 50%—with its market capitalization shrinking sharply.
As of December 29, with the announcement of the new isolated recovery plan and stabilizing market sentiment, the FLOW price had rebounded slightly to around $0.103. However, this level remains well below the pre-attack price, reflecting ongoing investor concerns about the incident’s impact.
On major trading platforms like Gate, FLOW trading activity surged after the event, highlighting the market’s intense focus on the situation. Investors are closely monitoring the Flow network’s recovery progress and the implementation of the new plan to assess its long-term investment value.
06 Industry Comparison and Lessons Learned
The handling of this Flow security incident offers the broader blockchain industry a valuable case study in crisis management. Unlike previous responses to public chain attacks, the Flow Foundation’s initial rollback plan sparked rare, open controversy within the ecosystem.
Notably, opposition from the community and partners ultimately pushed the Foundation to change its recovery strategy, demonstrating the real-world power of decentralized governance. By contrast, some blockchain projects have tended toward more centralized decision-making in similar situations.
From a technical perspective, this incident highlights the critical importance of execution layer security. Although the Flow Foundation stated that user funds were unaffected, the protocol-level vulnerability still shook market confidence and had a tangible impact on token prices.
Blockchain security firms are conducting in-depth analyses of the attack and are expected to release comprehensive technical reports within 72 hours. These reports may reveal the specific mechanics of the vulnerability and provide important security references for the entire industry.
Outlook
As of December 29, recovery efforts for the Flow network are progressing as planned. The Cadence environment has been restored, while the EVM remains in read-only mode. Network validators have reached consensus and accepted the Mainnet 28 patch.
With repairs advancing, more than 99.9% of user accounts will regain normal access. Only addresses that directly received fraudulent tokens will face temporary restrictions, which will remain in place until an independent blockchain forensics firm completes verification and transparently destroys those illicit tokens.
On the Gate platform, FLOW’s trading price has rebounded from its lowest point and is now hovering near $0.10. The market is awaiting the full restoration of network operations and the release of subsequent security audit results, which will determine the next direction for FLOW’s price.
