Flow Enters Phase Two of Recovery After $3.9M Exploit, Flags Exchange Token Movements

By José Oramas, January 02, 2026
  • The Flow Foundation has entered “phase two” of its recovery following a $3.9 million exploit on Saturday, December 27, 2025.
  • Developers scrapped an initial plan to roll back the blockchain due to community concerns over decentralisation, opting instead for a “two-stage” recovery.
  • Flow accused an unnamed exchange of AML/KYC failures after a single account deposited the stolen 150 million FLOW, swapped it for BTC, and withdrew over $5 million shortly before the network was halted.

Flow is rebuilding its network after a US$3.9 million (AU$5.9 million) exploit on Saturday, and says it is investigating suspicious exchange activity tied to a large FLOW token deposit and rapid withdrawals.

In an update on X, the Flow Foundation said its recovery effort has moved into “phase two,” which it expects to take several days. It said engineers have found a way to bring back Ethereum Virtual Machine (EVM) support while remediation continues on Cadence, Flow’s non-EVM chain. Both tracks will now be worked on at the same time.

Moreover, Flow said the Community Governance Council is carrying out “cleanup” transactions within limits approved by validators, and that the actions can be independently checked on-chain using block explorers.

“This is a complex process requiring individual account assessment and verification. The Foundation is working with external forensic firms to accelerate remediation while maintaining the precision required for secure restoration.”

Flow Foundation


Flow Steps Back From Early Proposal

The foundation has also stepped back from an earlier proposal that would have rolled back the blockchain. That idea drew pushback from users who said a rollback would undermine decentralisation and introduce new security concerns.

In its post-incident report, Flow said it was alarmed by how one centralised exchange handled token movements during the incident and claimed the exchange did not respond to its outreach about trading patterns. Flow did not name the venue, though some users speculated it could be Binance. 

Flow said a single account deposited 150 million FLOW, about 10% of total supply, swapped a large amount into Bitcoin, and withdrew more than US$5 million (AU$7.6 million) within a few hours, before the network was halted.

Flow said the pattern indicated an AML/KYC breakdown and pushed losses onto users who may have bought tokens created through the exploit.

José is a journalist and translator with a keen interest in blockchain and cryptocurrencies.