FLOW Recovers After December 2025 Security Breach Cost $3.9M

Zach Anderson Mar 06, 2026 08:52

Flow Network resolves December 2025 exploit that created counterfeit tokens and caused $3.9M in losses. FLOW token rebounds 16% as protocol deploys fix.

Flow Network has officially resolved the December 2025 security incident that allowed an attacker to create counterfeit tokens, resulting in approximately $3.9 million in confirmed losses across the ecosystem.

The FLOW token has rebounded sharply, trading at $0.10 with a 16% gain over 24 hours as of January 6, 2026. The recovery follows a brutal 40% crash that pushed prices to $0.075 in early January after the exploit became public.

What Actually Happened

On December 27, 2025, an attacker discovered a flaw in Flow's Cadence runtime—the smart contract execution layer—that allowed token duplication rather than proper minting. This bypassed the network's supply controls entirely.

The stolen funds moved quickly off-network through multiple cross-chain bridges including Celer, Debridge, Relay, and Stargate. Binance froze hacker-linked funds shortly after the exploit, limiting some of the damage.

Here's what matters for holders: the Flow Foundation confirmed that no existing user account balances were compromised. The attacker created counterfeit assets from nothing rather than draining legitimate wallets.

The Response Timeline

Validators coordinated a network halt within six hours of detecting malicious activity, putting Flow into read-only mode. That's faster than most Layer-1 responses to similar incidents, though the two-day downtime still caused problems.

NFT lending platforms felt the pain particularly hard—loan settlements couldn't process during the freeze, creating liquidation risks for some users.

Operations resumed after validators executed a governance-approved process to permanently destroy the counterfeit assets and deploy Mainnet 28, the protocol fix addressing the Cadence vulnerability.

Market Impact

FLOW's current market cap sits at $142.64 million, still well below pre-exploit levels. The token's recovery trajectory will depend heavily on whether any additional vulnerabilities surface during post-mortem audits.

The incident adds Flow to a growing list of protocols hit by runtime-level exploits in late 2025, raising broader questions about Cadence security versus more battle-tested smart contract languages.

For traders watching the FLOW recovery, the next catalyst is likely the release of a full technical post-mortem, expected in the coming weeks according to Flow Foundation communications.

• flow
• security breach
• defi exploit
• flow network
• binance