Developers at Flow Foundation confirmed that a vulnerability was discovered and exploited in the network's execution layer. Before validators fully halted the blockchain, the attacker managed to withdraw about $3.9 million outside the network. The foundation emphasized that existing user balances were not affected and assets stored on the network before the attack remained intact.
Details of the Flow Blockchain Hack
According to the developers, the vulnerability allowed manipulation at the transaction execution level but did not provide direct access to user accounts. After the incident was detected, validators promptly suspended network operations, which the foundation believes helped limit the attack's scope and prevent further losses. The foundation also noted that funds were withdrawn solely through manipulations at the execution layer, not from user balances.
Network Recovery Measures
Soon after the incident, developers released a protocol update and are coordinating its deployment among node operators. To remove unauthorized transactions, a decision was made to roll back the blockchain to its state prior to the attack; this will restore the ledger without problematic entries. As a result, all transactions sent roughly between 12:25 MSK on December 26 and the network halt at 18:30 MSK on December 27 will need to be resent — this includes legitimate user activity.
Impact on the Market
Following news of the hack, FLOW token prices sharply declined: according to Binance exchange data, the price dropped from $0.17 to a low of $0.079. Volatility increased due to uncertainty surrounding network recovery, and major South Korean exchanges temporarily suspended deposits and withdrawals of FLOW tokens; more details on the suspension of exchange operations. The South Korean Digital Asset Exchanges Association (DAXA) issued a warning about trading risks related to this asset.
Why This Matters
If you hold FLOW tokens or use services linked to this network, you should be aware of the need to resend transactions during the specified period and temporary deposit/withdrawal restrictions on exchanges. Node and service operators must install the released protocol update, as coordinated updates are critical for the network's recovery speed. For miners with small-scale equipment in Russia, this event has no direct impact unless you interact with the Flow network or hold FLOW tokens.
What to Do?
- Check if you hold FLOW tokens or have pending transactions between 12:25 MSK December 26 and 18:30 MSK December 27, and be prepared to resend them after the network is restored.
- If you manage a node or service, urgently coordinate the deployment of the protocol update with operators and follow the official developer instructions.
- Avoid planning large deposits or withdrawals of FLOW until exchanges resume operations and network security is confirmed; monitor announcements from exchanges and the foundation.
- Follow official Flow Foundation channels and exchange updates to properly time the resubmission of transactions and transfers.
Blockchain security remains a critical focus, and similar incidents have been discussed in the context of other breaches — see the article on the Trust Wallet fund leak for a broader understanding of risks. Exercise caution when handling assets and rely on official foundation recommendations during network recovery.