Flow Hack

In December 2025, the Flow blockchain suffered a roughly $3.9 million breach caused by an execution-layer vulnerability that let an attacker mint and transfer assets across services before the network was halted, per PeckShield. Unlike a typical application-level exploit, the flaw sat in the chain’s execution environment, giving the attacker the ability to create and move value that the protocol layer treated as legitimate. Validators halted the network to contain the damage and coordinate a fix. The incident, one of December’s top five losses, highlighted that base-layer execution logic is itself an attack surface, and underscored the importance of formal verification of consensus and execution code, rapid network-halt circuit breakers, and layered validation before assets are credited.