Flow Foundation: Confirmed that the execution layer vulnerability was exploited, resulting in an outflow of approximately $3.9 million in assets, network rollback, and a delay in restart

Flow Foundation has released an official update stating that attackers exploited a vulnerability in the Flow execution layer to transfer approximately $3.9 million in assets off-chain before the validator coordination downtime. The foundation emphasized that this incident did not affect any existing user balances, and all user deposits remain intact.

The outflow of funds was primarily transferred via cross-chain bridges, and the attacker's address has been identified and marked. The related money laundering paths are being tracked in real-time, and freeze requests have been submitted to Circle, Tether, and major exchanges. The foundation stated that the network has been isolated, and a vulnerability fix has been released and is in the verification and deployment phase.

To remove unauthorized transactions, the network will roll back to a checkpoint prior to the attack, and legitimate transactions submitted during that period will need to be resubmitted after the restart. In light of feedback from validators and ecosystem partners, the foundation has decided to extend the coordination time to ensure consensus across the network and long-term security, and will not rush to restart before completing thorough consultations. User funds remain secure throughout this process, and updates will continue to be released according to the established timeline.