Flow destroys 87.4 billion counterfeit tokens from December $3.9M security incident

The Flow Foundation has confirmed the permanent, onchain destruction of 87.4 billion counterfeit FLOW tokens. 

The project regarded the token burn as the final step in the remediation process that began in response to the security incident from December 27 and was executed by the Community Governance Council. 

Flow commits to moving on from December hack 

An official post from the Flow Foundation confirmed the permanent destruction of the counterfeit $FLOW tokens. The burning of the counterfeit tokens completely removes all seized counterfeits from circulation and completes the final mechanical step of Flow’s isolated recovery plan as outlined in the December technical post-mortem.

Network operations returned to normal after validators deployed a security patch within 24 hours of the incident, complete with extra security safeguards implemented across the protocol to prevent a repeat of such in the future. 

As for exchange and infrastructure services, those continue to be restored through active coordination with partners. The post claims Kraken, Gate, and Coinbase have already fully resumed $FLOW deposits and withdrawals, while additional exchange services are completing reconciliation processes and are expected to resume imminently.

The network is also back to full operational health, with ongoing ecosystem activity back to over 3 million transactions in a single week. Its core DeFi protocols too are fully operational, and developer activity as well as protocol deployments have returned to pre-incident levels.

Now that the security remediation is complete, Flow turns its attention to continued ecosystem growth and product development.

The network’s recent protocol upgrades introduce ongoing deflationary pressures via transaction fee mechanisms, aligning tokenomics with long-term network sustainability.

Flow takes steps to avoid repeat exploit

The Flow network experienced an exploit in December 2025 when a hacker capitalized on a type confusion vulnerability in the Cadence runtime. 

This allowed them to create counterfeit tokens without minting new ones or draining user wallets. No legitimate user balances were compromised as a result, but the hacker was able to bridge out and realize about $3.9M in value using venues like Celer and deBridge, before validators halted the network. 

The hacker would have gotten away with far more; the total duplicated supply was around 88B FLOW, with over a billion tokens moved to centralized exchanges. Thanks to the prompt response from cooperative exchanges, the larger volumes of counterfeit tokens were contained. 

The remaining were isolated onchain via restrictions and the Isolated Recovery Plan. The plan was chosen over a full chain rollback, which faced significant pushback as it would not preserve history or minimize disruption to bridges/exchanges, as reported by Cryptopolitan. 

The Foundation has committed to several guarantees to strengthen network security and resilience to prevent a repeat in the future. These guarantees have seen runtime type validation boundaries hardened and covered by regression tests, while supply anomaly detection and execution-layer monitoring were expanded to surface similar conditions earlier.

Elevated recovery permissions for the Community Governance Council introduced during remediation will reportedly be revoked following completion of all recovery phases. There has also been a review of the bug-bounty program, which led to an increase in rewards to align more closely with the increased TVL.

The Foundation has also decided to enhance the security procedure to provide timely and accurate communication with all partners and establish feedback channels early on. 

Lastly, the Foundation will ensure that future incident responses clearly distinguish between proposals under consideration and finalized decisions. A process to align with all stakeholders and converge on a decision.