Important points
- Flow blockchain validators implement protocol fixes following security breaches.
- Approximately $3.9 million in assets were siphoned off due to a vulnerability in Flow’s execution layer.
Share this article
Flow Blockchain is moving towards a complete reboot after shipping a protocol fix related to an exploit that leaked approximately $3.9 million via cross-chain bridges, according to a new update from the team.
Update: Validator consensus reached (mainnet 28)
To maintain network integrity and prioritize user safety, the Flow Foundation proposed protocol modifications (Mainnet 28). This was accepted by the network verifier and successfully deployed.
Current status: Idle/Read Only
…— Flow.com (@flow_blockchain) December 28, 2025
The incident occurred on December 27th and targeted an execution layer vulnerability. The attackers moved assets out of the network, primarily through bridges to Ethereum, before validators quickly took down the network, preventing further fraudulent transactions.
The Flow Foundation says the vulnerability has been identified, law enforcement is involved, and user funds held prior to the incident remain intact.
The validator restored the network to a pre-exploitation checkpoint and brought it back online in read-only mode while ecosystem partners synchronized their systems. The transaction remains suspended until final adjustments are made.
The network will be restarted once adjustments are complete. A full technical post-mortem is expected within 72 hours.
