Flow Blockchain Exploit Leads to Controversial Rollback Proposal and Recovery Efforts
On December 27, 2025, a vulnerability in Flow blockchain's execution layer was exploited across cross-chain bridges, siphoning approximately $3.9 million and causing validators to halt the chain.
The Flow Foundation and FindLabs confirmed that user balances remained secure, the exploit was contained, exit routes were mapped, and freeze requests were sent to major exchanges and stablecoin issuers.
Developers proposed a rollback to a pre-exploit checkpoint, which would erase several hours of activity. However, ecosystem partners reported they were not consulted and warned of issues such as doubled balances for bridge users.
Stakeholders, including deBridge founder Alex Smirnov, raised concerns about doubled balances and urged validators to halt validation. Questions arose regarding how custodians like LayerZero and issuers would handle the affected transfers. Delphi Labs warned that the rollback could create unbacked assets and increase losses.
The FLOW token's value fell more than 40% following the exploit and rollback announcement, with some centralized exchanges pausing or delaying transactions.
On-chain data from Flowscan showed a stall at a fixed block height with a restart expected within hours. DefiLlama reported a total value locked (TVL) drop from $107 million to $73.8 million, followed by a rebound to approximately $97.2 million, representing about a 31% recovery within 24 hours.
On December 29, the Flow Foundation abandoned the global rollback plan in favor of a narrow remediation strategy aimed at isolating and destroying fraudulently minted tokens while preserving legitimate activity. A software upgrade enabled this targeted remediation, and the network began phased restoration.
Dapper Labs reviewed and supported the revised plan, confirming that no Dapper user balances or assets, including the Dapper treasury, were impacted. The network is set to resume operations through phased restoration, preceded by a read-only testing mode.
