Flow’s plan to reverse part of its blockchain history after a $3.9 million exploit has triggered sharp backlash from ecosystem partners. The move has reignited a long-running debate over immutability and crisis management in crypto networks. The controversy began after an attacker exploited a vulnerability in Flow’s execution layer on Dec. 27, siphoning roughly $3.9 million in assets off the network through multiple cross-chain bridges before validators halted the chain. Flow Foundation and forensic partner FindLabs later confirmed that existing user balances were not accessed and said the exploit was contained quickly, with exit routes mapped and freeze requests sent to major exchanges and stablecoin issuers. FLOW NETWORK INCIDENT: Forensic Fund Tracking Report FindLabs is publishing the following analysis in collaboration with the Flow Foundation's security and engineering teams, who conducted the primary forensic investigation. • INCIDENT CONFIRMATION On December 27, 2025, an… — Find Labs (@findlabs) December 27, 2025 The attacker’s Ethereum wallet was identified, and investigators said laundering attempts through Thorchain and Chainflip were being tracked in real time. Within hours of the halt, Flow core developers proposed a rollback to a checkpoint prior to the exploit, a move that would erase all transactions submitted during a several-hour window and require users and infrastructure providers to resubmit activity. Flow Partners Question Rollback as Network Activity Freezes The Foundation framed the rollback as a way to neutralize unauthorized minting and restore the ledger to a clean state. However, the proposal immediately alarmed key partners who said they were not consulted. Alex Smirnov, founder of cross-chain bridge deBridge, one of Flow’s major bridge providers, said he learned of the rollback decision after it was already announced publicly. I woke up to the news about Flow’s decision to roll back the chain. Despite Flow stating that they are “in a mandatory synchronization window with critical ecosystem partners (bridges, CEXs, DEXs)”, I can confirm that 𝐝𝐞𝐁𝐫𝐢𝐝𝐠𝐞 — 𝐨𝐧𝐞 𝐨𝐟 𝐭𝐡𝐞 𝐦𝐚𝐣𝐨𝐫 𝐛𝐫𝐢𝐝𝐠𝐞… https://t.co/oVTPbKDMcl — deAlex (@AlexSmirnov) December 28, 2025 Smirnov warned that reverting the chain could create doubled balances for users who bridged assets out during the rollback window, while leaving others who bridged in facing losses with no clear reimbursement plan. He urged Flow validators to halt transaction validation until the Foundation clarified how these edge cases would be resolved and how custodians such as LayerZero, the primary USDC custodian on Flow, were expected to handle affected transfers. Data from Flowscan showed the network stalled at a fixed block height for an extended period, even as the Foundation said a restart was expected within hours. Source: flowscan The uncertainty rippled through the market as the FLOW token fell more than 40% following the exploit and rollback announcement, and some centralized exchanges temporarily suspended transactions. Source: DefiLlama Data on DefiLlama showed Flow’s total value locked dropped from $107 million to $73.8 million after the incident before rebounding to about $97.2 million, a 31% recovery in 24 hours. Rollback Debate Ends as Flow Adopts Narrow Recovery Plan Criticism intensified as legal and technical observers weighed in. Delphi Labs general counsel Gabriel Shapiro said the approach risked pushing losses onto bridges and issuers by effectively creating unbacked assets, while Smirnov argued that the financial damage from a rollback could exceed the original exploit. Chain rollbacks remain rare and contentious in crypto because they undo confirmed transactions and raise questions about decentralization and trust. Facing mounting pressure, the Flow Foundation shifted course. On Dec. 29, it announced a revised remediation plan developed in consultation with bridge operators, exchanges, and validators. The updated approach abandoned a global rollback and instead focused on isolating and destroying fraudulently minted tokens while preserving legitimate user activity. Dapper Labs, which launched Flow, said it reviewed and supported the revised plan. Following this update from Flow, we want to make it clear that no Dapper Labs user balances or assets are impacted. Including the Dapper Labs treasury. Dapper Platforms will be back online when the Flow network resumes normal operations, currently expected to happen in ~6… https://t.co/NPx6vtSqFw — Dapper Labs (@dapperlabs) December 27, 2025 Under the new plan, the network would restart in phases, temporarily restricting accounts identified through independent forensic analysis as recipients of illicit tokens. Validators later approved a software upgrade enabling this targeted remediation, and the network returned online in a read-only testing mode ahead of a phased restoration. The Foundation said more than 99.9% of accounts would remain unaffected, with ongoing updates promised as normal operations gradually resume. The post Flow Blockchain Plans Controversial Rollback to Undo $3.9M Hack — Partners “Blindsided” appeared first on Cryptonews .
