Key Takeaways:
Flow blockchain has confirmed a critical security breach resulting in a loss of approximately $3.9 million after an attacker minted unauthorized tokens.
The native token (FLOW) plummeted over 50% within hours, forcing major exchanges like Upbit and Bithumb to suspend deposits and withdrawals.
The Flow Foundation has halted the entire network to prevent further outflows and is coordinating with law enforcement and stablecoin issuers to freeze stolen funds.
The Flow blockchain, a prominent Layer-1 network known for hosting major NFT projects like NBA Top Shot, has been brought to a standstill following a severe security incident. A confirmed exploit in the execution layer allowed an attacker to drain liquidity pools, triggering a flash crash that saw the FLOW token lose half its value in a matter of hours.
Anatomy of the Attack: Unauthorized Minting and Liquidity Drain
The chaos began on December 27, 2025, when on-chain alerts from analysts including Wazz and FindLabs flagged suspicious activity. An attacker utilized a TransparentUpgradeableProxy mechanism to mint millions of sFLOW and WFLOW tokens illicitly.
According to preliminary forensic analysis, the attacker’s wallet – which had been dormant since its creation six months ago – suddenly became active, minting the tokens and immediately draining liquidity pools. The stolen funds, estimated at $3.9 million, were rapidly bridged out of the Flow ecosystem via protocols like Celer, Debridge, and Stargate, converting the loot into Ethereum and Bitcoin.
Security analysts suspect this was not a flaw in the smart contract code itself, but rather a private key compromise of a privileged admin wallet, which allowed the attacker to bypass standard security checks.
$FLOW Mint and Pool Drain via Transparent Upgradeable Proxy
Market Panic: 50% Drop and Exchange Suspensions
The market reaction was instantaneous and brutal. FLOW prices collapsed from approximately $0.17 to lows of $0.08, causing panic among holders. The sudden volatility triggered safety mechanisms at major South Korean exchanges Upbit and Bithumb, which immediately halted FLOW deposits and withdrawals to protect users. Binance is reportedly monitoring the situation closely but has not yet suspended trading.
Foundation Response: “The Network Is Paused”
Breaking the silence often seen in crypto hacks, the Flow Foundation moved quickly to contain the damage. The team officially declared a “potential security incident” and took the drastic step of halting the entire network.
In their statement, Flow emphasized that user deposits remain safe and that the halt was a containment measure to prevent further unauthorized minting or bridging. The team is currently working with law enforcement, as well as centralized issuers like Circle (USDC) and Tether (USDT), to freeze the stolen assets where possible. A fix has already been deployed, with a network restart projected within 4 to 6 hours.
Centralization Risks and the Path to Recovery
While the immediate financial damage is capped at $3.9 million – a relatively manageable figure for a chain of Flow’s size – the incident highlights critical vulnerabilities regarding admin key management. If the private key compromise theory holds, it underscores the urgent need for stricter multi-sig governance and timelocks, even for established Layer-1 blockchains.
However, the community has noted Flow’s transparency as a silver lining. Unlike projects that go “radio silent” during crises, Flow’s real-time updates have helped mitigate total capitulation. As the market awaits the network restart, the price of FLOW is expected to trade sideways, with investors looking for confirmation that the “backdoor” has been permanently closed.
Read Next: How Blockchain is Transforming Digital Identity?