A serious security breach on Flow blockchain led to a $3.9 million loss and triggered a decisive two-stage recovery plan to rebuild trust.
Quick Summary – TLDR:
- Flow suffered a $3.9 million exploit on Dec. 27, 2025, involving unauthorized minting of 150M FLOW tokens.
- The foundation launched a two-phase recovery: restoring network stability and burning fake tokens.
- Community backlash halted plans for a network rollback, protecting decentralization values.
- Suspicious trading on a major centralized exchange has raised fresh regulatory concerns.
What Happened?
Flow blockchain was hit by a major security exploit that resulted in the unauthorized minting of 150 million FLOW tokens, about 10 percent of its total supply. The breach led to the loss of $3.9 million and forced the Flow Foundation to pause network operations. In response, the team abandoned its initial idea of a chain rollback and pivoted to a two-phase recovery strategy that better aligned with its community values.
UPDATE: EVM RESTORATION ACCELERATED & PHASE 2 PROGRESS
Remediation of the Flow network continues in Phase 2 with significant progress. The Flow core developer team has identified a path to restore EVM functionality during ongoing Cadence remediation. This unlocks EVM to proceed…
— Flow.com (@flow_blockchain) January 1, 2026
The Two-Stage Recovery in Motion
The foundation’s recovery plan is split into two clear phases: stabilization and remediation.
- Phase one focused on normalizing the Cadence chain, Flow’s native environment for smart contracts and NFTs. This part of the network is now reported to be stable.
- Phase two, currently underway, targets the Ethereum Virtual Machine (EVM) compatibility layer, which supports Ethereum-based applications. Developers have already found a pathway to restore EVM functionality and are carrying out a detailed token cleanup process.
In parallel, the Community Governance Council is executing “cleanup transactions” that are publicly visible on-chain. These actions are carefully structured within validator-approved limits to maintain transparency and community trust.
The Hacker’s Trail and Exchange Failures
The attacker exploited vulnerabilities in Flow’s execution layer, transferring assets via cross-chain bridges before the network was halted. After the fraudulent tokens were minted, they were funneled to a major centralized crypto exchange. From there, the FLOW tokens were converted into Bitcoin, and more than $5 million was cashed out within hours.
Although the Flow Foundation did not name the exchange, public speculation and transaction behavior pointed to Binance. The foundation criticized the platform for its lack of cooperation, stating that it failed to respond to requests for trading data, raising serious anti-money laundering (AML) and know-your-customer (KYC) concerns. The incident has become a case study in how centralized platforms can unintentionally enable the laundering of stolen crypto.
Why the Rollback Was Rejected
Initially, Flow considered rolling back the blockchain to a point before the exploit. This plan was quickly scrapped after community backlash. Critics argued that a rollback would compromise the blockchain’s core value of immutability, reverse legitimate transactions, and undermine trust.
Dr. Anya Sharma, a distributed systems expert at Stanford University, remarked, “The decision to burn tokens instead of executing a rollback is a landmark moment for Flow’s governance.” She emphasized the importance of respecting decentralization, even under extreme pressure.
Instead, the foundation is taking what it calls a “scalpel” approach by freezing affected accounts and processing only malicious transactions for removal. This method preserves the majority of valid on-chain activity and keeps the community in the loop through forensic updates and on-chain audits.
Fallout for Users and the Network
The breach temporarily disrupted key services on the Flow network. For instance, some users of NFT lending platforms were unable to repay maturing loans due to halted transactions. Meanwhile, the FLOW token took a noticeable hit in value across major exchanges, reflecting shaken investor confidence.
The foundation has promised to retest and verify all fixes before gradually bringing systems back online. Developers are working to ensure that fake tokens are burned without causing inflationary side effects. Security audits remain ongoing, and the foundation stressed that restoring full functionality will take time.
SQ Magazine Takeaway
Honestly, this hack was a wake-up call for both Flow and the broader blockchain community. What stands out is how Flow rejected a full rollback to preserve the integrity of its decentralized ecosystem. That’s not something you see every day. Instead of sweeping the problem under the rug, they’re doing the hard work of cleanup, audits, and rebuilding trust in full view of the public. As someone who watches the crypto space closely, this feels like a defining moment. Flow is showing what responsible crisis management can look like in Web3, even when the pressure is sky high.
