The Flow security incident from December 27, 2025 has now been fully contained, remediated, and closed. Following a sophisticated exploit targeting a type-confusion vulnerability in the Cadence runtime, the network was halted, mitigations were deployed, and all systems have been restored safely. Key outcomes:
The vulnerability has been patched, with extensive security hardening and updated validation logic now live on mainnet.
Validators and ecosystem partners executed a coordinated response that prevented further counterfeit asset movement and preserved legitimate state.
The vast majority of counterfeit tokens were contained on-chain or frozen by exchanges; ongoing recovery and destruction of remaining counterfeit assets continues under governance authorization.
Flow’s Cadence and EVM environments are now fully operational, with normal transaction processing resumed.
No user action is required. With all mitigation measures in place and continuous monitoring ongoing, this incident is officially closed. For full technical details, see the post-mortem: https://flow.com/post/dec-27-technical-post-mortem Thank you for your patience and understanding while we investigated this issue.
Resolved
The Flow security incident from December 27, 2025 has now been fully contained, remediated, and closed. Following a sophisticated exploit targeting a type-confusion vulnerability in the Cadence runtime, the network was halted, mitigations were deployed, and all systems have been restored safely. Key outcomes:
The vulnerability has been patched, with extensive security hardening and updated validation logic now live on mainnet.
Validators and ecosystem partners executed a coordinated response that prevented further counterfeit asset movement and preserved legitimate state.
The vast majority of counterfeit tokens were contained on-chain or frozen by exchanges; ongoing recovery and destruction of remaining counterfeit assets continues under governance authorization.
Flow’s Cadence and EVM environments are now fully operational, with normal transaction processing resumed.
No user action is required. With all mitigation measures in place and continuous monitoring ongoing, this incident is officially closed. For full technical details, see the post-mortem: https://flow.com/post/dec-27-technical-post-mortem Thank you for your patience and understanding while we investigated this issue.
Monitoring
The Flow network is now fully operational. Both Cadence and EVM environments are live and processing transactions normally. This follows the December 27, 2025 security incident, during which approximately $3.9M was moved off-network before validators halted the chain. No user balances were affected, and all deposits remained safe. Ongoing cleanup and verification work continues in the background, but the incident is contained and normal network operations have resumed. No user action is required at this time. We will continue to monitor the situation closely and share updates as full network operations are restored. Official update from Flow: https://x.com/flow_blockchain/status/2007125204603150660
Identified
The Flow Foundation has confirmed a security incident on December 27, 2025. An attacker moved approximately $3.9M off-network before validators halted the network. No user balances were affected and all deposits remain safe.
The incident is fully contained. A protocol fix is in final validation, with a target restart within 4–6 hours, pending testing. We are closely monitoring the situation and will share more updates as new information becomes available.
Official update from Flow:
https://x.com/flow_blockchain/status/2005021612714668518?s=20
Investigating
The Flow Foundation has announced that it is currently investigating a potential security incident impacting the Flow network. According to the statement, engineering teams are actively working with network partners to mitigate the issue. We are in close contact with Flow and will provide updates as more information becomes available.
More details from Flow are available in their official statement on X:
https://x.com/flow_blockchain/status/2004894914543571022?s=20
