Flow Foundation confirms security incident
Flow Foundation has confirmed that it is investigating a security incident affecting the Flow network after the FLOW token plunged more than 54%.
In an initial statement, the team said engineers were working closely with ecosystem partners to identify and resolve the issue, promising to release verified information as soon as it becomes available.
Exploit targeted the execution layer
Flow later confirmed that the attacker exploited a vulnerability in the execution layer of the network.
According to the foundation, the hacker managed to drain approximately $3.9 million, routing the stolen funds through multiple cross-chain bridges, including Celer and deBridge.
User balances not affected
Despite the exploit, Flow Foundation emphasized that user balances are safe and that the incident did not impact existing deposits on the network.
The breach was limited to the execution layer logic and did not compromise individual wallet funds.
Network switched to read-only mode
As an emergency response, Flow has moved into a read-only state.
Blocks are still being produced, but new transactions are temporarily paused. The team is currently coordinating with major partners, including exchanges, bridges, and decentralized applications, to ensure a controlled and secure restart of the network.
A full restart is expected once synchronization across the ecosystem is completed.
Full incident report expected within 72 hours
Flow Foundation stated that a detailed post-mortem report will be published within the next 72 hours. Until then, the team urges users to rely only on official announcements published through its verified X account.
BTCUSA Insight
Flow’s rapid transition to read-only mode likely prevented further losses, but the 54% token crash shows how sensitive the market is to infrastructure-level exploits. Even when user funds are technically safe, confidence can evaporate in minutes after a core-layer breach.
