Key takeaways
- Flow blockchain validators implement protocol fix following security breach.
- Around $3.9 million in assets were misappropriated due to a vulnerability in Flow’s execution layer.
According to a new update from the team, the Flow blockchain is heading for a full reboot after delivering a protocol patch related to an exploit that drained approximately $3.9 million via cross-chain bridges.
UPDATE: CONSENSUS OF VALIDATORS REACHED (MAINNET 28)
To preserve network integrity and prioritize user security, the Flow Foundation proposed a protocol patch (Mainnet 28) that was accepted and successfully deployed by network validators.
CURRENT STATUS: Idle / READ ONLY
THE…– Flow.com (@flow_blockchain) December 28, 2025
The incident occurred on December 27, targeting a vulnerability in its execution layer. The attacker moved assets out of the network primarily via bridges to Ethereum before validators shut down the network shortly, preventing further unauthorized transactions.
According to the Flow Foundation, the vulnerability has been isolated, law enforcement is engaged, and user funds held before the incident remain intact.
Validators restored the network to a pre-exploit checkpoint and brought it back online in read-only mode while ecosystem partners synchronize systems. Transactions remain suspended pending final coordination.
Once coordination is complete, the network should reopen. A full technical autopsy remains scheduled within 72 hours.