The Flow blockchain was halted on December 27, 2025, following a $3.9 million security exploit that impacted its execution layer. In response, network validators paused operations to prevent further losses and initiated a phased recovery process, which included deploying the Mainnet 28 fix and restoring Cadence activity.
The Flow Foundation later issued a statement revealing that vulnerabilities in the AML/KYC processes of certain, unnamed cryptocurrency exchanges exacerbated the incident. According to the foundation, just hours after the initial exploit, a single account deposited 150 million FLOW tokens—representing roughly 10% of the total supply—onto a trading platform. A significant portion was converted to Bitcoin, with over $5 million in assets withdrawn before the network shutdown.
The Foundation argued this unusual transaction pattern indicated serious control failures at the platform, shifting financial risk onto users who might unknowingly purchase problematic tokens. Forensic analysis teams detected significant deviations in FLOW trading behavior on the platform both before and after the halt.
In the aftermath, the Flow Foundation and its forensic partners coordinated with global exchanges including Kraken, Coinbase, and Upbit to protect users and restore services, with Kraken having already resumed operations. The incident caused a 42% drop in the FLOW token's price and affected wrapped tokens, stablecoins, and NFTs on the Flow ecosystem.
A proposed plan to rollback or reverse some transactions was abandoned following backlash from partners like deBridge. Alex Smirnov, Co-founder of deBridge, criticized the plan, stating it "would have introduced the risk of duplicated balances and operational disruptions for users who acted in good faith." The recovery strategy now focuses on phased verification to ensure network stability and user safety.
