The Flow Foundation has announced Phase Two of its recovery efforts following a $3.9 million hack that halted the Flow blockchain in late 2025. According to the foundation, work is ongoing, and the next phase of the restoration is expected to take several days to complete.
The breach has rattled parts of the crypto ecosystem, sparking conversations about safeguarding users, exchanges, and governance when a blockchain faces a security compromise. Flow notes that developers had “identified a path to restore EVM [Ethereum Virtual Machine] functionality” as it addressed its non-EVM chain, Cadence. Meanwhile, the fix is in progress to clean up the exploit on the EVM environment, and the enquiry has been frozen for recent fixes.
Flow Foundation moves forward with exploit recovery
The foundation stated that it would then test the fixes and retest any remaining maintenance tasks, adding that it planned to take most worlds offline before restoring the vast majority of them to full availability as soon as it deemed it safe to do so. The current progress report already shows that accounts are being returned and fake tokens are being reverted daily, with on-chain audits accessible to everyone.
The breach has rattled parts of the crypto ecosystem, sparking conversations about safeguarding users, exchanges, and governance when a blockchain faces a security compromise. Flow notes that developers had “identified a path to restore EVM [Ethereum Virtual Machine] functionality” as it addressed its non-EVM chain, Cadence.
Meanwhile, the fix is in progress to clean up the exploit on the EVM environment, and the enquiry has been frozen for recent fixes. Flow Foundation also stated that it would then test the fixes and retest any remaining maintenance tasks, adding that it planned to take most worlds offline before restoring the vast majority of them to full availability as soon as it deemed it safe to do so.
The current progress report already shows that accounts are being returned and fake tokens are being reverted daily, with on-chain audits accessible to everyone. The impact of the exploit has been felt throughout Flow’s ecosystem. The network freeze also temporarily shut down certain services, like the NFT lending service, where “a small percentage” of borrowers were unable to repay their maturing loans due to the transactions that came to a standstill.
Investors have already felt the impact of the incident. The Flow token (FLOW) has dropped sharply across major exchanges as trading resumed. The decline has fueled broader concerns about risk management practices and raised new questions about the strength and credibility of Flow’s network security model.
Flow Foundation said that after the Dec. 27 hack, a lone account had deposited around 150 million of its FLOW tokens, approximately 10% of what has been released so far, and about $54 million, to a centralized exchange. The hacker also swapped most of them into other assets like Bitcoin, then cashed out more than $5 million before operations could be ground to a halt.
