Zach Anderson
Mar 06, 2026 08:52
Flow Network resolves December 2025 exploit that created counterfeit tokens and caused $3.9M in losses. FLOW token rebounds 16% as protocol deploys fix.
Flow Network has officially resolved the December 2025 security incident that allowed an attacker to create counterfeit tokens, resulting in approximately $3.9 million in confirmed losses across the ecosystem.
The FLOW token has rebounded sharply, trading at $0.10 with a 16% gain over 24 hours as of January 6, 2026. The recovery follows a brutal 40% crash that pushed prices to $0.075 in early January after the exploit became public.
What Actually Happened
On December 27, 2025, an attacker discovered a flaw in Flow’s Cadence runtime—the smart contract execution layer—that allowed token duplication rather than proper minting. This bypassed the network’s supply controls entirely.
The stolen funds moved quickly off-network through multiple cross-chain bridges including Celer, Debridge, Relay, and Stargate. Binance froze hacker-linked funds shortly after the exploit, limiting some of the damage.
Here’s what matters for holders: the Flow Foundation confirmed that no existing user account balances were compromised. The attacker created counterfeit assets from nothing rather than draining legitimate wallets.
The Response Timeline
Validators coordinated a network halt within six hours of detecting malicious activity, putting Flow into read-only mode. That’s faster than most Layer-1 responses to similar incidents, though the two-day downtime still caused problems.
NFT lending platforms felt the pain particularly hard—loan settlements couldn’t process during the freeze, creating liquidation risks for some users.
Operations resumed after validators executed a governance-approved process to permanently destroy the counterfeit assets and deploy Mainnet 28, the protocol fix addressing the Cadence vulnerability.
Market Impact
FLOW’s current market cap sits at $142.64 million, still well below pre-exploit levels. The token’s recovery trajectory will depend heavily on whether any additional vulnerabilities surface during post-mortem audits.
The incident adds Flow to a growing list of protocols hit by runtime-level exploits in late 2025, raising broader questions about Cadence security versus more battle-tested smart contract languages.
For traders watching the FLOW recovery, the next catalyst is likely the release of a full technical post-mortem, expected in the coming weeks according to Flow Foundation communications.
Image source: Shutterstock
