The Flow blockchain is moving to restore operations after a $3.9 million exploit exposed a vulnerability in its execution layer, prompting a rapid response that evolved under pressure from developers, bridge operators, and ecosystem partners.
The incident occurred on December 27, when an attacker exploited the execution layer to mint and move assets across several cross-chain bridges. According to the Flow Foundation, approximately $3.9 million in assets were extracted before validators halted the network to prevent further damage. The foundation said existing user balances were not accessed and that the breach was quickly contained, with freeze requests sent to major exchanges and stablecoin issuers.
Investigators identified the attacker’s Ethereum wallet and traced attempted laundering activity through Thorchain and Chainflip, underscoring the speed at which funds can move across interconnected crypto systems.
Rollback proposal sparks pushback
In the immediate aftermath, Flow’s core developers proposed rolling the chain back to a checkpoint before the exploit. The plan would have erased several hours of transactions, requiring users and infrastructure providers to resubmit activity. The foundation argued this approach would neutralize the unauthorized minting and restore the ledger to a clean state.
The proposal, however, met strong resistance from parts of the ecosystem. Alex Smirnov, founder of cross-chain bridge deBridge, said he learned of the rollback only after it was publicly announced. He warned that reversing the chain could create serious accounting issues, including duplicated balances for users who bridged assets out during the affected window, while users who bridged assets in could face losses without a clear path to reimbursement.
Smirnov urged validators to pause transaction validation until the foundation clarified how such cases would be handled and how custodians, including LayerZero, which serves as a primary USDC custodian on Flow, would manage affected transfers.
Data from Flowscan showed the network stalled at a fixed block height for an extended period as discussions unfolded. Market reaction was swift. The FLOW token fell following news of the exploit and rollback proposal, while several centralized exchanges temporarily suspended deposits and withdrawals. Flow’s total value locked also dropped, according to DefiLlama, before partially recovering within 24 hours.
Concerns over precedent and decentralization
Legal and technical experts also raised red flags. Gabriel Shapiro, general counsel at Delphi Labs, said a rollback risked shifting losses onto bridges and issuers by effectively creating unbacked assets. Others argued that the financial fallout from a rollback could ultimately exceed the damage caused by the exploit itself.
Chain rollbacks remain rare in cryptocurrency networks, largely because they reverse confirmed transactions and raise questions about decentralization, governance, and user trust.
Revised plan focuses on targeted remediation
On December 29, the Flow Foundation announced a revised recovery plan after consulting with bridge operators, exchanges, and validators. The updated approach abandons a global rollback in favor of isolating and destroying fraudulently minted tokens, while preserving legitimate user activity.
Under the new plan, the network will restart in phases. Accounts identified through forensic analysis as recipients of illicit tokens will be temporarily restricted, while the vast majority of users are expected to remain unaffected. Validators have approved a software upgrade to enable the targeted remediation, and the network has already returned online in a read-only testing mode ahead of a gradual restoration of full functionality.
Dapper Labs, the company behind Flow’s launch, said it reviewed and supports the revised plan, adding that no Dapper Labs user balances or assets were impacted by the exploit.
