The Flow Foundation has confirmed that an execution-level vulnerability was exploited, resulting in the outflow of approximately $3.9 million in assets. The network has been rolled back and restart postponed.

The Flow Foundation released an official update stating that on December 27, 2025, attackers exploited a vulnerability in the Flow execution layer to transfer approximately $3.9 million in assets off-chain before validators coordinated a shutdown. The Foundation emphasized that this incident did not affect any users' existing balances, and all user deposits remain intact. The outflow of funds primarily occurred via cross-chain bridges. The attacker's address has been identified and flagged, and the related money laundering path is being tracked in real-time. Freezing requests have been submitted to Circle, Tether, and major exchanges. The Foundation stated that the network has been isolated, and the vulnerability fix has been released and is in the verification and deployment phase. To remove unauthorized transactions, the network will roll back to the checkpoint before the attack occurred. Legitimate transactions submitted during this period will need to be resubmitted after the restart. Based on feedback from validators and ecosystem partners, the Foundation has decided to extend the coordination time to ensure network consensus and long-term security, and will not hastily restart before full consultation. User funds remain safe throughout the process, and updates will continue to be released according to the established schedule. Previous news: deBridge co-founder: Hasty Flow rollback may trigger greater systemic risks.