An attacker exploited a vulnerability in the execution layer and moved roughly 3.9 million dollars in assets off-network before validators coordinated a network halt. Critically, the exploit did not touch existing user balances.
All deposits remained intact, and the Foundation has since mapped the exit path while working closely with exchanges, bridge operators, and forensic teams to contain and remediate the situation.
Immediate Containment and Remediation
This incident highlights the importance of robust security in rapidly growing blockchain networks. Flow, known for hosting applications like NBA Top Shot and other NFT platforms, is integrated with multiple bridges and infrastructure providers. Coordinated responses like these are becoming standard as cross-chain activity expands. For context, cross-chain bridges handled over 20 billion dollars in volume last quarter alone, making rapid incident response essential to maintaining trust.
This is the verified update from the Flow Foundation.
INCIDENT CONFIRMED
On December 27, 2025, an attacker exploited a vulnerability in Flow’s execution layer and moved approximately $3.9M in assets off-network before validators executed a coordinated halt.
Critically, this… https://t.co/KEXzo0w8as
— Flow.com (@flow_blockchain) December 27, 2025
Following the attack, Flow validators halted network activity to sever all exit paths. The Foundation reported that funds primarily moved through bridges such as Celer, Debridge, Relay, and Stargate, with active laundering tracked through Thorchain and Chainflip. Freeze requests were immediately submitted to major stablecoin issuers and exchanges to prevent further unauthorized transfers.
UPDATE: ECOSYSTEM COORDINATION PHASE
The Foundation is coordinating with critical infrastructure partners to finalize the optimal restart pathway.
CURRENT STATUS
→ Remediation plan has been circulated with ecosystem partners and is under evaluation
→ This process includes…— Flow.com (@flow_blockchain) December 28, 2025
The network fix, dubbed Mainnet 28, has been developed and deployed by validators, restoring the ledger to a checkpoint prior to the exploit. Users who submitted transactions during the window between 11:25 PM PST on December 26 and the network halt at 5:30 AM PST on December 27 may need to resubmit activity. All other user balances and assets remain secure. The phased restoration approach prioritizes safe resumption of operations, starting with a read-only state, followed by full Cadence remediation, and finally EVM re-enablement.
Coordinated Ecosystem Recovery
Flow’s extensive integrations require careful synchronization with ecosystem partners before resuming normal transaction ingestion. Bridges, exchanges, and dApps must align with the restored ledger to prevent inconsistencies. The attack did not affect over 99.9% of accounts. The Flow blockchain team is identifying and destroying fraudulent assets through auditable on-chain transactions. Accounts impacted by the attack will regain access immediately following verification.
We have reviewed the latest recovery plan proposed by the @flow_blockchain Foundation and core protocol team. The revised approach preserves all legitimate user activity—meaning no rollback is required—and provides a clear path to restoring network operations.
Dapper Labs fully… https://t.co/wqBXFtyv09
— Dapper Labs (@dapperlabs) December 29, 2025
This incident highlights a broader trend in blockchain. Networks are becoming increasingly interconnected, so security breaches can create ripple effects across multiple platforms. Similar events, like the 2022 Ronin bridge exploit, which involved 625 million dollars, demonstrate the critical role of rapid coordination and transparent communication. Flow’s transparent updates and phased remediation plan provide a model for other ecosystems to follow.
Disclaimer
The information provided by Altcoin Buzz is not financial advice. It is intended solely for educational, entertainment, and informational purposes. Any opinions or strategies shared are those of the writer/reviewers, and their risk tolerance may differ from yours. We are not liable for any losses you may incur from investments related to the information given. Bitcoin and other cryptocurrencies are high-risk assets; therefore, conduct thorough due diligence. Copyright Altcoin Buzz Pte Ltd.
The post Flow Blockchain Responds to December 27 Exploit Incident appeared first on Altcoin Buzz.
