The Flow blockchain plans to restart Sunday after validators roll back the network’s transaction history to a checkpoint prior to a $3.9 million exploit that occurred late on Friday, but the decision to reverse the ledger without coordinating with key ecosystem partners has triggered a backlash from cross-chain bridge operators.
Alex Smirnov, co-founder of deBridge, one of the largest bridge providers supporting Flow, said on X that his team received no advance warning before the rollback was decided upon.
“The Flow team has decided to roll back the blockchain and claimed to be in a forced sync window with key ecosystem partners,” Smirnov wrote. “As one of the main bridge providers for Flow, deBridge has not received any communication or coordination from the Flow team, posing significant risk.”
In response to written questions from The Block, Smirnov said the Flow team did eventually reach out after his public criticism, but remained committed to the rollback approach. “At the time of that communication, they were still leaning toward proceeding with a rollback,” he said. “Our main objective in that discussion was to understand what problem they believe a rollback would solve, given that the attacker had already moved funds off Flow.”
Rollback or hard fork?
Smirnov argued the rollback would punish the wrong people. “From our perspective, a rollback at this stage would not affect the attacker, but would instead impact innocent users, liquidity providers, and ecosystem partners who acted honestly during the rollback window, potentially amplifying the overall damage,” he said.
The criticism extends beyond bridge operators. Smirnov told The Block that a major centralized exchange where FLOW is traded, which deBridge proactively contacted, “confirmed they were not aware of the planned rollback and had received no prior communication.” He declined to name the exchange.
“This lack of coordination is critical, as it leaves uncertainty around how deposits and withdrawals processed during the rollback window should be handled, potentially exposing the exchange to losses,” Smirnov said.
deBridge and LayerZero, another major cross-chain protocol, are now aligned in pushing for an alternative approach: a hard fork that fixes the underlying vulnerability and blacklists addresses that received funds from the exploit, rather than reversing the entire ledger, Smirnov said.
“A targeted hard fork that fixes the vulnerability and confines illicit funds is the only viable option for L1s facing incidents like this,” Smirnov said, pointing to how BNB Chain handled a similar incident in the past. “We’re aligned with LayerZero that a hard fork addressing the vulnerability—rather than a rollback—is the best path forward.”
Smirnov said deBridge itself has no financial exposure due to its “0-TVL, non-custodial design,” but emphasized the broader ecosystem risk. “The concern is not deBridge’s balance sheet, but preventing cascading losses being pushed onto ecosystem partners, liquidity providers and users who had no involvement in the exploit,” he said.
He added that deBridge is encouraging Flow to establish “a war room that would involve bridges, asset custodians, CEXs, and security groups like Seal911 into collaborative discussion to work out the best path forward.”
“We are extending the coordination window to account for the various network partners,” the Flow Foundation said in an X post on Sunday morning, before Smirnov’s initial X post. “Resuming ingestion before all partners are synced could lead to data inconsistencies or service interruptions for users.”
Flow misses target for update post
The Flow Foundation had pledged to publish another update at 7 a.m. PST, a deadline the team has apparently missed. The Foundation did not respond to multiple requests for comment from The Block.
The Flow Foundation confirmed the exploit on December 27, stating that an attacker had exploited a vulnerability in the network’s execution layer. Security expert Taylor Monahan told The Block the attacker was able to “mint native token, FLOW, and other bridged tokens like WBTC, WETH, and stablecoins.” Onchain analyst Wazz identified the attack pattern as consistent with a private key compromise rather than a smart contract bug.
In its recovery announcement, the Flow Foundation said the network would be “restored to a checkpoint prior to the exploit” and that all transactions submitted during the affected window will not be retained and must be resubmitted. The team committed to releasing a technical post-mortem within 72 hours.
The FLOW token plunged more than 40% following the initial exploit disclosure, falling from approximately $0.17 to a low of $0.079 before stabilizing around $0.10, according to The Block’s Flow Price Page. It is currently trading around $0.11. South Korean exchanges Upbit, Bithumb, and Coinone suspended deposits and withdrawals following the exploit, while the Digital Asset Exchange Alliance issued a formal transaction risk warning.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Trade Crypto On Coinhub Exchange
Trade Crypto On Coinhub Exchange
Stay ahead of the market by turning news insights into trading opportunities. With Coinhub Exchange, you can seamlessly buy, sell, and manage your digital assets, all in one secure platform. Take advantage of real-time market insights, deep liquidity, and fast execution for your favorite cryptocurrencies. Don’t just read about it — trade crypto now!
Disclaimer
The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
Read more
