Flow Faces Rollback Backlash After $3.9m Exploit Hits Execution Layer

Flow halts after a $3.9m exploit, ditches a full rollback plan and opts for targeted token burns to preserve user activity and restore trust.

Flow blockchain’s proposal to reverse transactions following a $3.9 million exploit triggered opposition from ecosystem partners, prompting the network’s foundation to revise its remediation approach.

An attacker exploited a vulnerability in Flow’s (FLOW) execution layer on Dec. 27, extracting approximately $3.9 million in assets through multiple cross-chain bridges before validators halted the chain, according to Flow Foundation. The foundation and forensic partner FindLabs stated that existing user balances were not accessed and that the exploit was contained, with freeze requests sent to major exchanges and stablecoin issuers.

The attacker’s Ethereum wallet was identified, and investigators reported tracking laundering attempts through Thorchain and Chainflip.

Flow core developers proposed a rollback to a checkpoint prior to the exploit, which would erase all transactions submitted during a several-hour window and require users and infrastructure providers to resubmit activity. The Foundation stated the rollback would neutralize unauthorized minting and restore the ledger.

Alex Smirnov, founder of cross-chain bridge deBridge, said he learned of the rollback decision after its public announcement. Smirnov warned that reverting the chain could create doubled balances for users who bridged assets out during the rollback window, while leaving others who bridged in facing losses with no clear reimbursement plan. He called on Flow validators to halt transaction validation until the Foundation clarified resolution of these cases and how custodians such as LayerZero, the primary USDC custodian on Flow, would handle affected transfers.

Flowscan data showed the network stalled at a fixed block height for an extended period. The FLOW token declined following the exploit and rollback announcement, and some centralized exchanges temporarily suspended transactions, according to market data.

DefiLlama data showed Flow’s total value locked dropped after the incident before partially rebounding within 24 hours.

Gabriel Shapiro, general counsel at Delphi Labs, stated the approach risked pushing losses onto bridges and issuers by creating unbacked assets. Smirnov argued that financial damage from a rollback could exceed the original exploit. Chain rollbacks remain rare in cryptocurrency networks due to concerns about reversing confirmed transactions and questions regarding decentralization.

On Dec. 29, Flow Foundation announced a revised remediation plan developed in consultation with bridge operators, exchanges, and validators. The updated approach abandoned a global rollback and instead focused on isolating and destroying fraudulently minted tokens while preserving legitimate user activity. Dapper Labs, which launched Flow, said it reviewed and supported the revised plan and that no Dapper Labs user balances or assets were impacted.

Under the new plan, the network would restart in phases, temporarily restricting accounts identified through forensic analysis as recipients of illicit tokens. Validators approved a software upgrade enabling the targeted remediation, and the network returned online in a read-only testing mode ahead of a phased restoration. The Foundation stated the majority of accounts would remain unaffected, with ongoing updates promised as normal operations gradually resume.