On January 1, 2026, the Flow Foundation issued an official statement on the X platform, outlining the latest developments in its coordinated response with global cryptocurrency exchanges following the major vulnerability attack on the blockchain network on December 27, 2025. While acknowledging the cooperation of most exchanges, the statement also expressed serious concern about the handling of the situation by an unnamed exchange, pointing to severe failures in its Anti-Money Laundering (AML) and Know Your Customer (KYC) mechanisms, resulting in the transfer of financial risks to innocent users.
Kraken has resumed full service after partnering with multiple exchanges.
The Flow Foundation stated that since the vulnerability attack, it has been operating around the clock with its forensic analysis partners and coordinating closely with multiple exchanges worldwide, with the goal of protecting user assets and restoring network and market order as quickly as possible. The statement specifically named Kraken, Coinbase, and Upbit as "outstanding partners," with Kraken being the first to restore full service, demonstrating a high level of cooperation.
Abnormal activity from a single account raises serious concerns about AML/KYC procedures.
However, the foundation also expressed deep concern about the actions of one exchange. The statement noted that within hours of the attack, a single account on the exchange deposited 150 million $FLOW tokens, approximately 10% of the total token supply. This account then converted most of the assets into Bitcoin (BTC) and withdrew over $5 million before the Flow network crashed.
The foundation believes that the scale and speed of these transactions clearly deviate from normal market patterns, indicating that the exchange's AML and KYC safeguards have failed to function effectively, ultimately leading unsuspecting users to purchase fraudulently minted tokens and bear risks they should not have had to bear.
Forensic analysis revealed market anomalies, and multiple attempts to communicate with the authorities yielded no response.
According to forensic analysis, the exchange's trading platform ($FLOW) exhibited several significant anomalies inconsistent with normal market behavior before and after the network shutdown. The foundation stated that it has repeatedly requested an explanation through formal channels, but has received no response.
In this situation, the Flow Foundation calls for an immediate meeting with the exchange's top management to discuss solutions and find practical ways to protect all platform users. The foundation emphasizes that there is still room for a constructive solution, but only if the exchange demonstrates transparency and cooperation.
In addition, the Flow Foundation reiterated that it is fully cooperating with law enforcement agencies in their investigation and pledged to do its utmost to protect the rights of every affected user, regardless of the platform or user origin.
Event Recap: Flow Networks suffered a vulnerability attack, causing a sharp drop in prices before gradually recovering.
To recap the events, on December 27, 2025, a critical vulnerability appeared in the Flow blockchain network execution layer. Attackers took advantage of this to unauthorizedly mint a large number of tokens, as well as assets such as WBTC, WETH, and stablecoins. They then transferred approximately $3.9 million worth of assets off the network through cross-chain bridges such as Celer, deBridge, Relay, and Stargate. Subsequently, validators quickly coordinated a network shutdown, successfully preventing further losses.
The foundation emphasized that users' existing balances were not directly affected, and over 99.9% of accounts remained secure. Following the incident, the price of $FLOW plummeted by approximately 40% to 46%, hitting a low of $0.079, triggering panic selling in the market. Korean exchanges such as Upbit, Bithumb, and Coinone also suspended related deposit and withdrawal services.
During the remediation process, the foundation proposed rolling back approximately six hours of transaction records. However, this plan was opposed by the cross-chain bridge operator and the community due to concerns about the immutability of the blockchain and the transfer of risks. Ultimately, on December 29, the foundation announced that it would abandon the full rollback and instead adopt a method of preserving legitimate transactions, isolating and freezing illicit assets, and destroying them.
The Flow network has been gradually restarted, and core functions have resumed operation. Only some cross-chain bridges and withdrawal services are still pending further coordination. The foundation has also promised to release a complete post-event technical analysis report later.
Further Reading: FLOW "Flash Crash" Over 30%! Suspected Major Cybersecurity Incident, Upbit Suspends Deposits and Withdrawals
Further Reading: Flow Crash Update: Foundation Confirms $3.9 Million Hacked, Network Being Rebooted
