Flow Incinerates 87.4 Billion Counterfeit Tokens Linked to December’s $3.9 Million Breach
Flow just torched a mountain of fake tokens—87.4 billion of them—in a decisive strike against the perpetrators of last December's $3.9 million exploit.
The Burn Notice
Network validators executed a coordinated token burn, permanently removing the fraudulent assets from circulation. The move neutralizes the ill-gotten haul from the security breach, preventing any further market contamination.
Closing the Loop
This isn't a simple patch—it's a surgical removal. By destroying the tokens at the protocol level, Flow effectively rewinds the hacker's ledger, stripping the stolen value from their digital wallet. It sends a clear message to would-be exploiters: even successful breaches have a short shelf life here.
The Aftermath
The action stabilizes the token's integrity post-exploit. While the initial theft shook confidence, the aggressive response demonstrates a chain that can defend its own economy—a stark contrast to networks that let stolen funds linger and distort trading for months. Sometimes, the best security feature is a good old-fashioned incinerator.
The Bottom Line
Flow cuts off the exploit's profit motive at the source. It's a textbook case of blockchain governance working as intended—transparent, immutable, and brutally efficient. A refreshing change from the 'thoughts and prayers' approach some traditional finance institutions take after a heist.
Flow commits to moving on from December hack
An official post from the Flow Foundation confirmed the permanent destruction of the counterfeit $FLOW tokens. The burning of the counterfeit tokens completely removes all seized counterfeits from circulation and completes the final mechanical step of Flow’s isolated recovery plan as outlined in the December technical post-mortem.
Network operations returned to normal after validators deployed a security patch within 24 hours of the incident, complete with extra security safeguards implemented across the protocol to prevent a repeat of such in the future.
As for exchange and infrastructure services, those continue to be restored through active coordination with partners. The post claims Kraken, Gate, and Coinbase have already fully resumed $FLOW deposits and withdrawals, while additional exchange services are completing reconciliation processes and are expected to resume imminently.
The network is also back to full operational health, with ongoing ecosystem activity back to over 3 million transactions in a single week. Its Core DeFi protocols too are fully operational, and developer activity as well as protocol deployments have returned to pre-incident levels.
Now that the security remediation is complete, Flow turns its attention to continued ecosystem growth and product development.
The network’s recent protocol upgrades introduce ongoing deflationary pressures via transaction fee mechanisms, aligning tokenomics with long-term network sustainability.
Flow takes steps to avoid repeat exploit
The Flow network experienced an exploit in December 2025 when a hacker capitalized on a type confusion vulnerability in the Cadence runtime.
This allowed them to create counterfeit tokens without minting new ones or draining user wallets. No legitimate user balances were compromised as a result, but the hacker was able to bridge out and realize about $3.9M in value using venues like Celer and deBridge, before validators halted the network.
The hacker WOULD have gotten away with far more; the total duplicated supply was around 88B FLOW, with over a billion tokens moved to centralized exchanges. Thanks to the prompt response from cooperative exchanges, the larger volumes of counterfeit tokens were contained.
The remaining were isolated onchain via restrictions and the Isolated Recovery Plan. The plan was chosen over a full chain rollback, which faced significant pushback as it would not preserve history or minimize disruption to bridges/exchanges, as reported by Cryptopolitan.
The Foundation has committed to several guarantees to strengthen network security and resilience to prevent a repeat in the future. These guarantees have seen runtime type validation boundaries hardened and covered by regression tests, while supply anomaly detection and execution-layer monitoring were expanded to surface similar conditions earlier.
Elevated recovery permissions for the Community Governance Council introduced during remediation will reportedly be revoked following completion of all recovery phases. There has also been a review of the bug-bounty program, which led to an increase in rewards to align more closely with the increased TVL.
The Foundation has also decided to enhance the security procedure to provide timely and accurate communication with all partners and establish feedback channels early on.
Lastly, the Foundation will ensure that future incident responses clearly distinguish between proposals under consideration and finalized decisions. A process to align with all stakeholders and converge on a decision.
If you're reading this, you’re already ahead. Stay there with our newsletter.
