The Flow Foundation has officially disclosed details of the incident:
On the night of December 27, a hacker found a vulnerability in Flow and exploited it, withdrawing approximately $3.9 million through the Celer, deBridge, Relay, and Stargate bridges. After discovering the attack, validators immediately shut down the network.
User balances were not affected;
The hacker's address has been identified, and the movement of funds is being tracked — attempts are being made to withdraw assets via Thorchain and Chainflip.
Circle, Tether, and major exchanges have received requests to freeze funds;
The problem in the protocol has been localized, and new unauthorized actions are now impossible.
Network restart
Flow has released a fix and agreed with validators to restart.
The network will be restored to the checkpoint before the attack:
Flow Cadence: block 137363395
Flow EVM: block 51358233
All transactions sent between 11:25 PM PST on December 26 and 5:30 AM PST on December 27 will be erased and will need to be resent after the restart.
Current status
Mainnet 28 update deployed by validators;
The network is operating in read-only mode — blocks are being produced, but transactions are not yet being accepted;
Mandatory synchronization with bridges, exchanges, and DeFi partners is underway to avoid errors after the restart.
Flow will release a final announcement.