TechFlow news, on December 28, Flow official announced on the X platform that on December 27, 2025, an attacker exploited a vulnerability in the Flow execution layer to transfer approximately $3.9 million in assets before network downtime. This attack did not access existing user balances, and all user deposits remain secure.
Currently, the approximately $3.9 million in funds has primarily flowed out through bridges such as Celer, Debridge, Relay, and Stargate. The attacker's wallet has been identified and flagged, and their money laundering activities via Thorchain and Chainflip are being tracked in real time.
The Flow Foundation has submitted freeze requests to Circle, Tether, and major exchanges. The network has already been halted to cut off all exit paths, and the fix is undergoing final verification. The confirmed fund outflows are within controllable limits and will not threaten network solvency or user fund security.
The target restart time is within 4 to 6 hours, depending on testnet validation results. FindLabs is releasing forensic data including transaction hashes and the attacker's Ethereum wallet address.
