Flow: Abandon rollback and adopt a new isolation recovery plan
Last Saturday afternoon, a sudden hacker attack plunged the Flow network into chaos. This Layer 1 network built by Dapper Labs, originally designed for next-generation applications, games, and digital assets, was exploited at the execution layer, resulting in approximately $3.9 million worth of assets being transferred off-chain. Following the attack, its token FLOW was temporarily halved, plummeting from $0.173 to $0.079, and has since slightly rebounded to around $0.107.
FLOW K-line chart
Below, Odaily Planet Daily summarizes this Flow theft incident, official responses, and why it has sparked strong doubts from Flow partners and the community.
Flow Official Emergency Response: Isolate the network and announce rollback plan
After the attack, the Flow Foundation responded quickly and confirmed details of the incident. The attacker exploited a vulnerability at the execution layer to transfer about $3.9 million worth of assets. The event did not affect user balances, and deposits remain safe. The relevant attack addresses have been flagged, and the money laundering paths are being tracked. The Foundation has submitted asset freeze requests to Circle, Tether, and several major exchanges.
To clean up illegal on-chain transactions and fix the vulnerability, the Flow Foundation isolated the network and released Mainnet 28, a mainnet version that fixes the vulnerability. The initial response plan was to roll back the network state to the checkpoint before the attack, i.e., Cadence block height 137363395, thereby deleting all transactions from a window of approximately 6 hours. All transactions, legitimate or not, would be cleared, and users would need to resubmit transactions after the nodes restarted. The Foundation believed this was the safest way to restore network integrity and repeatedly emphasized that user funds would not be affected during the process, promising updates on the event’s progress every two hours.
This rollback decision, seemingly decisive, quickly ignited a chain reaction—because the hacker’s funds had already bridged out of the chain, the rollback would have no impact on the attacker, only affecting honest users and partners.
Cross-chain bridge partners and community users strongly oppose, rollback plan criticized
After the rollback plan was announced, cross-chain bridge partners and community users within the Flow ecosystem rapidly questioned it. Alex Smirnov, co-creator of deBridge and a key partner in Flow’s cross-chain bridge, publicly criticized the decision on X (Twitter), calling it too hasty and saying there was no prior communication with key bridge partners. As an important asset channel in the Flow ecosystem, deBridge was not notified in advance of the rollback.
Smirnov pointed out that the potential damage caused by the rollback could far exceed that of the initial hacker attack itself. Since cross-chain assets had already circulated across multiple systems, forcing a rollback could trigger issues like duplicate assets and inconsistent custody states, ultimately harming the bridges, users, and trading counterparts operating within the window. He disclosed that on deBridge, deposits of about $200,000 and $50,000 fell within the rollback window, and that executing the rollback could cause one side’s funds to vanish or, in extreme cases, lead to assets being re-minted.
Based on these risks, Smirnov called on Flow validators to pause block production and validation until a comprehensive plan for compensation, partner coordination, and independent security team intervention is clarified. Similar issues are not isolated. As the main cross-chain custodian of USDC on Flow, LayerZero also faces risks of cross-chain transactions totaling approximately $220,000 and $180,000 falling within the rollback window.
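The rollback-window risk described above can be made concrete with a short reconciliation check. This is an added example, not code from Flow, deBridge or LayerZero: the record layout, the class names and the sample transfers are constructed, and it assumes every block above the checkpoint height is erased while the other chain keeps its state.

```python
from collections import defaultdict
from dataclasses import dataclass

ROLLBACK_HEIGHT = 137363395  # checkpoint height quoted in the article

@dataclass(frozen=True)
class BridgeTransfer:  # hypothetical record layout for a bridge's own ledger
    transfer_id: str
    direction: str         # "outbound": lock on the rolled-back chain, release elsewhere
                           # "inbound": deposit elsewhere, credit on the rolled-back chain
    local_height: int      # height of the leg recorded on the rolled-back chain
    remote_released: bool  # outbound only: was the remote release already executed?
    amount_usd: int

def classify(t, rollback_height=ROLLBACK_HEIGHT):
    """Custody state a transfer is left in if blocks above rollback_height are erased."""
    if t.direction not in ("outbound", "inbound"):
        raise ValueError(f"unknown direction: {t.direction!r}")
    if t.local_height <= rollback_height:
        return "unaffected"              # local leg survives the rollback
    if t.direction == "outbound":
        # The lock is erased, so the user holds the asset locally again.
        # If the remote side already paid out, the asset now exists twice.
        return "duplicate_asset" if t.remote_released else "cancel_pending_release"
    # Inbound: the remote deposit persists but the local credit is gone.
    # It must be re-delivered exactly once; delivering twice re-mints.
    return "credit_erased"

def exposure(transfers, rollback_height=ROLLBACK_HEIGHT):
    """Sum the USD value per custody state so operators see what needs reconciling."""
    totals = defaultdict(int)
    for t in transfers:
        totals[classify(t, rollback_height)] += t.amount_usd
    return dict(totals)

# Constructed sample ledger (not real transfers from the incident).
SAMPLE = [
    BridgeTransfer("t1", "outbound", ROLLBACK_HEIGHT - 10, True, 4000),
    BridgeTransfer("t2", "outbound", ROLLBACK_HEIGHT + 120, True, 1500),
    BridgeTransfer("t3", "outbound", ROLLBACK_HEIGHT + 900, False, 700),
    BridgeTransfer("t4", "inbound", ROLLBACK_HEIGHT + 300, False, 2500),
    BridgeTransfer("t5", "inbound", ROLLBACK_HEIGHT, False, 900),
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(t.transfer_id, classify(t))
    print(exposure(SAMPLE))
```
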
In addition to cross-chain partners within the Flow ecosystem, users on X expressed concerns about fund safety, developers questioned the network’s reliability and governance under extreme conditions, and investor sentiment turned cautious, increasing selling pressure. Many pointed out that the rollback plan exposed centralized control over the chain, turning what was a technical incident into a trust crisis.
Some community members went further and invoked core blockchain principles. Some argued that a rollback directly undermines finality and immutability, making Flow more like a consortium chain subject to administrative intervention at critical moments. Others compared this to historical security incidents on other public chains, noting that such situations are usually handled by isolating attacker addresses and freezing funds, rather than globally rolling back the entire network state.
Crypto KOL Wazz (@WazzCrypto) stated bluntly on X that Flow’s rollback decision was one of the worst-handled cases he had seen. In his view, the attacker had already moved about $4 million off-chain, and the rollback would have little to no real impact on them; the real victims would be innocent users who use the network via cross-chain bridges.
Flow Official Reverses Stance: Abandon rollback, adopt isolation recovery plan
Faced with strong opposition from partners and the community, the Flow team ultimately decided to abandon the network rollback and switch to an “isolation recovery plan.” This plan was formulated through direct negotiations with cross-chain bridges, exchanges, and infrastructure partners, with key points including:
No rollback/reorganization, all legitimate user activities preserved;
No partner replay of transactions;
Over 99.9% of accounts unaffected, normal operation after restart;
During restart, temporarily restrict accounts receiving illegally minted tokens;
Additionally, the network will recover in phases:
Phase 1: Cadence environment goes live, EVM temporarily limited;
Phase 2: Cadence fixes (about 24 to 48 hours);
Phase 3: EVM fixes and restart;
Phase 4: Cross-chain bridges/exchanges restore access, with specific timing based on stability confirmation by the operators.
Furthermore, Dapper Labs, the team behind Flow, expressed support for this plan on X, stating “preserve legitimate activities and provide a clear recovery path.”
This decision to abandon the rollback has temporarily eased tension in the ecosystem and avoided the systemic risks that a rollback could have caused. As of now, the network remains in phased coordination and recovery, with official assurances that user funds are safe.
In the highly uncertain crypto environment, this crisis may become a significant watershed in Flow’s development path, and its long-term impact remains to be seen.