Flow validators executed emergency network freeze after detecting $3.9 million in unauthorized withdrawals through Ethereum bridges. Protocol fix deployed with network rollback to eliminate exploit transactions.
Flow blockchain validators executed an emergency network freeze on December 27, 2025, after detecting unauthorized asset withdrawals totaling approximately $3.9 million through multiple cross-chain bridges. The attacker exploited a vulnerability in Flow's execution layer, draining funds primarily via Ethereum-based bridges before the coordinated halt stopped further losses.
According to FindLabs on X, forensic analysis confirms the attacker moved assets off-network through bridges to Ethereum before validators executed a coordinated network halt.
The exploit did not compromise existing user balances. All deposits remained intact throughout the incident, with the vulnerability now identified and isolated. Flow Foundation's security team is preparing a comprehensive technical post-mortem within 72 hours.
Bridge Exodus: Attacker's Multi-Platform Escape Route
The attacker funneled stolen assets through five major bridge protocols, with Celer Bridge processing 297.69 ETH across four identical transactions. DeBridge handled 479.35 ETH including USDC conversions, marking the largest single exit channel.
Direct withdrawals to Binance accounted for 109.19 ETH, while smaller amounts moved through Relay Bridge and Stargate. The attacker converted 9.8 WBTC worth approximately $930,000 and 339,000 PYUSD into roughly 261 ETH.
All confirmed transactions route through Ethereum address 0x2e7C4b71397f10c93dC0C2ba6f8f179a47F994e1. Flow Foundation submitted freeze requests to Circle, Tether, Binance, Coinbase, and Kraken.
The attacker initiated active laundering through privacy protocols. ThorChain processed 785 ETH for ETH-to-BTC conversion, while Chainflip handled 567.56 ETH through similar channels.
Network Rollback Deployed to Eliminate Unauthorized Transactions
Flow Blockchain announced on X that the protocol fix addressing the exploit has been released, with node operators coordinating to deploy the upgrade.
The network will restore to a checkpoint preceding the exploit, eliminating unauthorized transactions from the ledger. Flow Cadence will revert to block height 137,363,395, while Flow EVM returns to block height 51,358,233.
Transactions submitted between 11:25 PM PST December 26 and 5:30 AM PST December 27 require resubmission after restart. Legitimate user activity during this window faces temporary reversal, though Flow Foundation characterized this as necessary for network integrity.
Node operators began deployment immediately, targeting network restoration within one hour of the announcement. User balances held before the exploit window remain unaffected. Law enforcement and forensic partners continue tracking fund movement as the investigation progresses.
** Key Takeaways:**
- Attackers drained $3.9M through five bridge protocols before Flow's emergency network halt stopped losses
- Network rollback to pre-exploit checkpoint will require users to resubmit transactions from affected window
- User balances remained intact as vulnerability isolated to execution layer without accessing existing deposits
#FlowBlockchain #CrossChainBridge #CryptoHack #BlockchainSecurity #NetworkExploit
Stay updated on the latest cryptocurrency news on our homepage.
Explore more in Latest News Category.
Related reading:
Key Topics
Crypto New Live
admin@cryptonewslive.org
Flow Network Halts After $3.9M Bridge Exploit
Flow blockchain froze operations after attackers drained $3.9M through cross-chain bridges. Network rollback deployed to eliminate unauthorized transactions.