Flow Network Completes Phase 4 Counterfeit FLOW Recovery

Source: CryptoNewsNet Original Title: Flow Network Completes Phase 4 Counterfeit FLOW Recovery Original Link:

Recovery and Timeline

Flow Network has completed the final recovery of counterfeit FLOW from centralized exchanges, including major trading platforms and HTX. The recovery marks the conclusion of Phase 4 of its Isolated Recovery Plan, with all traced counterfeit FLOW now isolated on-chain. The Community Governance Council executed the retrieval, which was ratified by validator network participants through super-majority consensus.

Permanent destruction of counterfeit tokens is scheduled for January 30, 2026. The Foundation will revoke emergency access granted to the Community Governance Council on January 13, 2026, ending the temporary elevated permissions deployed for the first time in the network’s five-year history.

Exchange Coordination and Service Restoration

Exchange coordination played a central role in remediation efforts. After the attacker attempted to deposit counterfeit FLOW into multiple centralized exchanges, abnormally large deposits triggered internal AML protocol freezes. Approximately 50% of counterfeit deposits were returned by exchange partners and destroyed, with cooperation from various trading venues.

Service restoration has already resumed on several platforms. Deposits and withdrawals have reopened on major exchanges. The Foundation’s objective is complete return to normal operations across all trading venues where FLOW trades.

Technical Details of the Exploit

The incident began on December 27, 2025, when an attacker exploited a vulnerability in the Flow network to counterfeit tokens and extract approximately $3.9 million across bridges. No existing user balances were accessed or compromised.

The exploit was highly coordinated, deploying more than 40 malicious smart contracts in sequence designed to defeat runtime protections. The attack relied on a three-part chain:

1. Bypassed attachment import validation - The attacker circumvented normal validation checks
2. Defeated defensive checks on built-in types - Avoided enforcement rules for protected assets
3. Exploited contract initializer semantics - Completed the counterfeit flow process

Root cause analysis identified the vulnerability in Cadence runtime v1.8.8. The flaw allowed a protected non-copyable asset to be disguised as a standard data structure that could be copied. The issue was patched in v1.8.9 and later versions.

Governance and Transparency

Validators ratified a decentralized governance action authorizing permanent destruction of 100% of counterfeit assets. Every power granted to the Governance Council and action taken is transparent and auditable on-chain. Majority approval from network validators is required for node software updates to proceed.

Network operations resumed on December 29, 2025, with full transaction history preserved. Containment actions significantly reduced the ability to liquidate counterfeit tokens, with most counterfeit assets contained on-chain or frozen by exchange partners before liquidation.