On December 27, Flow’s Layer 1 network suffered an execution-layer exploit that let an attacker move about $3.9 million in assets off-network before validators halted mainnet to contain the damage. FLOW sold off hard on the news, dropping about 40% intraday as liquidity thinned out across major pairs.
Price data from Korean exchanges and global trackers shows FLOW sliding from roughly $0.17 to around $0.10 at the lows, setting a new all-time low, before bouncing back toward the $0.11 to $0.12 area by Sunday, with 24-hour volume above $200 million.
Flow confirms execution-layer bug on X
Flow first told users it was investigating a “potential security incident” in a December 27 post on X, then followed with a second update confirming that attackers had exploited a vulnerability in the transaction execution layer and moved funds off-network before validators coordinated a halt. The foundation published both updates through its verified incident thread and a later validator consensus post.
“An attacker exploited a bug in Flow’s execution layer and moved about $3.9M in assets off-network before validators halted the network,” the team wrote on X.
The team stressed that existing user balances remained intact and framed the exploit as an infrastructure failure rather than a drain of individual wallets, a message repeated in summaries from regional media and exchange alerts that described user deposits as safe despite the protocol-level loss.
5M FLOW mint, pools drained, bridges in the path
Before Flow went public, pseudonymous researcher Wazz flagged a suspicious address that had minted 5 million FLOW and dumped the tokens across liquidity pools, wiping out depth and forcing prices lower on thin books. He shared screenshots of the mint and subsequent sales in a thread on X, which quickly circulated among traders.
Post-mortem traces cited by Flow and regional outlets show the attacker funneled the roughly $3.9 million haul through cross-chain bridges Celer, deBridge, Relay and Stargate into other networks, then pushed funds through THORChain and Chainflip to add another layer of obfuscation. Flow Foundation says it asked Circle, Tether and major centralized exchanges to freeze any addresses tied to the exploit while on-chain analysts track the routes in real time.
Network rolled back, exchanges lock FLOW
Exchanges moved quickly. Upbit and Bithumb in South Korea suspended FLOW deposits and withdrawals, and the Digital Asset eXchange Alliance (DAXA) issued a trading risk warning for the token as local platforms evaluated exposure to the exploit and to Flow’s subsequent chain halt.
On December 28, Flow announced that validators had accepted and deployed a protocol fix, dubbed “Mainnet 28,” and brought the chain back online in an idle, read-only state while partners synced infrastructure. That is according to a team update summarized by Crypto Briefing and by price trackers, which now flag the incident on FLOW’s profile pages.
Updates from Flow’s partners state that validators plan to restart the network from a checkpoint before the exploit window, with the rollback aimed at stripping unauthorized exploit transactions from canonical history while preserving user balances and other application state. Exchange flashes from KuCoin describe the move as a return to a “pre-exploit checkpoint” to erase the attacker’s transfers.
FLOW price whipsaws in a record hack year
FLOW now trades around $0.118 on major trackers, up roughly 10% over the past 24 hours but still more than 30% below where it sat before the exploit, with 24-hour volumes above $200 million on CoinGecko and CoinMarketCap. Trading data also shows the token printing its all-time low near $0.10 on December 27, lining up with the exploit timeline.
That kind of snap repricing fits this year’s broader security backdrop. Blockchain monitoring firms already count more than $2.7 billion in stolen crypto value in 2025, led by the $1.5 billion Bybit breach, making this the costliest year on record for hacks even before Flow’s loss lands in the totals.
In dollar terms the Flow exploit is small next to those outliers, yet it hits the protocol layer of a live L1 and forced validators to halt and roll back the chain, a combination that traders and builders will now factor in when they price execution and bridge risk across Flow’s DeFi rails.