An attacker exploited a vulnerability in the execution layer and moved approximately $3.9 million in assets off-network before validators coordinated a network shutdown. It is important to note that the exploit did not affect existing users’ balances.
All deposits remained intact and the Foundation has since charted the exit path while working closely with exchanges, bridge operators and forensic teams to contain and remediate the situation.
Immediate containment and sanitation
This incident highlights the importance of robust security in rapidly growing blockchain networks. Flow, known for hosting applications such as NBA Top Shot and other NFT platforms, is integrated with several bridges and infrastructure providers. Coordinated responses like these are becoming the norm as cross-chain activity grows. As a reminder, cross-chain bridges processed over $20 billion in volume last quarter alone, making rapid response to incidents critical to maintaining trust.
This is the verified update of the Flow Foundation.
CONFIRMED INCIDENT
On December 27, 2025, an attacker exploited a vulnerability in Flow’s execution layer and moved approximately $3.9 million in assets off-network before validators executed a coordinated shutdown.
Critically, this…
– Flow.com (@flow_blockchain) December 27, 2025
Following the attack, Flow validators interrupted network activity to cut off all exit paths. The Foundation reported that funds primarily flowed through bridges such as Celer, Debridge, Relay and Stargate, with active laundering tracked through Thorchain and Chainflip. Freeze requests were immediately submitted to major stablecoin issuers and exchanges to prevent further unauthorized transfers.
UPDATE: ECOSYSTEM COORDINATION PHASE
The Foundation is coordinating with critical infrastructure partners to finalize the optimal restart path.
CURRENT STATUS
→ A sanitation plan has been distributed to ecosystem partners and is currently being evaluated
→ This process includes…– Flow.com (@flow_blockchain) December 28, 2025
The network patch, dubbed Mainnet 28, was developed and deployed by validators, restoring the ledger to a checkpoint before the exploit. Users who submitted transactions between 11:25 p.m. PST on December 26 and the network shutdown at 5:30 a.m. PST on December 27 may need to resubmit their activity. All other user balances and assets remain secure. The phased recovery approach prioritizes the safe resumption of operations, starting with a read-only state, followed by full remediation of Cadence, and finally reactivation of the EVM.
Coordinated ecosystem recovery
Flow’s extensive integrations require careful synchronization with ecosystem partners before resuming normal transaction ingestion. Bridges, exchanges, and dApps must align with the restored ledger to avoid inconsistencies. The attack affected no more than 99.9% of accounts. The Flow blockchain team identifies and destroys fraudulent assets through verifiable on-chain transactions. Accounts affected by the attack will regain access immediately after verification.
We have examined the latest recovery plan proposed by the @flow_blockchain Core and main protocol team. The revised approach preserves all legitimate user activity (meaning no rollback is required) and provides a clear path to restore network operations.
Dapper Labs fully…
– Dapper Labs (@dapperlabs) December 29, 2025
This incident highlights a broader blockchain trend. Networks are increasingly interconnected, so security breaches can impact multiple platforms. Similar events, like the $625 million Ronin Bridge feat in 2022, demonstrate the critical role of rapid coordination and transparent communication. Flow’s transparent updates and progressive remediation plan provide a model for other ecosystems to follow.
Disclaimer
The information provided by Altcoin Buzz does not constitute financial advice. It is intended for educational, entertainment and informational purposes only. Any opinions or strategies shared are those of the editors/reviewers, and their risk tolerance may differ from yours. We are not responsible for any losses you may incur as a result of investments related to the information provided. Bitcoin and other cryptocurrencies are high-risk assets; therefore, perform thorough due diligence. Copyright Altcoin Buzz Pte Ltd.
