Key Takeaways

• The Flow Foundation has entered “phase two” of its recovery plan following a $3.9 million exploit, restoring EVM and Cadence functionality.

• Flow scrapped a controversial “rollback” plan after the community warned it would compromise the network’s decentralization and security.

• A major unnamed exchange is under fire for allegedly allowing an exploiter to wash $5 million in stolen funds despite KYC/AML controls.

Flow Restores Network Functions After $3.9M Breach

The Flow blockchain is moving forward with a phased remediation plan following a high-profile $3.9 million exploit on December 27, 2025. After initially considering a “rollback” of the blockchain to reverse the theft, the Flow Foundation pivoted due to intense community pushback. Developers and bridge operators, including the founder of deBridge, warned that a chain reorganization would cause more financial damage and break the fundamental trust in the network’s immutability.

Instead of a rollback, the Flow Community Governance Council is now executing “cleanup transactions” within validator-authorized boundaries. This process aims to restore Ethereum Virtual Machine (EVM) and Cadence functionality simultaneously.

We’re currently in phase two, which means the “read-only” handcuffs are coming off. The team is working hard to make sure every legitimate transaction from before the pause stays exactly where it should be. Most importantly, they aren’t asking for blind trust—they’re making every single fix publicly auditable on-chain so the community can see the work for themselves.

Exchange Negligence and the Trust Wallet Exploit

The Flow Foundation has voiced significant concern regarding the role of centralized exchanges in the exploit’s aftermath. According to Flow, a single account deposited 150 million $FLOW (roughly 10% of the total supply) shortly after the breach, converted it to Bitcoin, and withdrew $5 million within hours. The Foundation characterized this as a massive AML/KYC failure by the unnamed exchange, which allowed fraudulent tokens to be sold to unsuspecting users before the network could be halted.

This security crisis coincided with another major holiday breach. On Christmas Day, the Trust Wallet browser extension was compromised, leading to $7 million in losses across 2,596 addresses. Investigation revealed that a leaked API key allowed a malicious version of the extension to be published on the Chrome Web Store.

Former Binance CEO Changpeng Zhao has stated that the lost funds will be covered. As Flow and Trust Wallet work through these separate incidents, the industry is facing a renewed debate over the security of browser-based tools and the responsibility of exchanges to monitor suspicious trading patterns.

Final Thoughts

The Flow exploit serves as a stark reminder that the “fastest” recovery (a rollback) is often the most dangerous for decentralization. Transparency and community governance have proven to be the better path forward.

Frequently Asked Questions

Did Flow roll back the blockchain?
No, the Flow Foundation scrapped the rollback plan after community criticism and is using a phased remediation approach instead.

Is my FLOW token safe?
The network has halted affected accounts and is restoring functionality; legitimate transactions made before the halt remain valid.

What happened to Trust Wallet?
A malicious update to the Chrome extension (v2.68) resulted in stolen funds, but the company has pledged to reimburse all verified victims.