The Flow blockchain has permanently destroyed 87.4 billion counterfeit tokens created during a December 27, 2025 security exploit that allowed an attacker to extract approximately $3.9 million worth of assets from the network.
The on-chain burn, executed by Flow’s Community Governance Council on January 31, 2026, marks the final step in a multi-week remediation process designed to restore network integrity and remove all fraudulently generated tokens from circulation following a vulnerability in the Cadence runtime.
The incident, which occurred in late December, affected the Flow network globally and was traced to a type confusion vulnerability in the Cadence runtime.
While no legitimate user wallets were drained, the attacker was able to generate and circulate counterfeit tokens, some of which were bridged out to external venues before validators halted network activity.
Final token burn closes December recovery process
In an official post, the Flow Foundation confirmed the “permanent, onchain destruction of 87.4 billion counterfeit FLOW tokens,” describing the action as “the final step in the remediation process.”
According to the Foundation, the burn fully removes all seized counterfeit tokens from circulation and completes the mechanical phase of its Isolated Recovery Plan, first outlined in a December technical post-mortem.
“The burning of the counterfeit tokens completely removes all seized counterfeits from circulation,” — Flow Foundation, Official Post.
“This completes the final mechanical step of Flow’s isolated recovery plan,” — Flow Foundation, Technical Post-Mortem.
The remediation process was overseen by the Community Governance Council, which was granted elevated permissions during the recovery phase to restrict, isolate, and ultimately destroy the duplicated supply. Flow opted against a full chain rollback, citing concerns about preserving network history and minimizing disruption to bridges and exchanges.
Network operations normalize after counterfeit token containment
Following the containment of the counterfeit tokens, Flow validators deployed a security patch within 24 hours of the incident. Network operations subsequently returned to normal, with additional safeguards implemented across the protocol to reduce the risk of similar exploits.
Exchange and infrastructure services were restored through coordination with partners. The Flow Foundation confirmed that Kraken, Gate, and Coinbase have fully resumed FLOW deposits and withdrawals, while other exchanges are completing reconciliation processes linked to the movement of counterfeit tokens during the attack.
“The network is back to full operational health,” — Flow Foundation, Official Update.
According to the Foundation, ecosystem activity has rebounded to more than three million transactions in a single week, with decentralized finance protocols fully operational and developer activity returning to pre-incident levels.
With the counterfeit tokens removed, Flow says it is shifting its focus back to ecosystem growth, product development, and recent protocol upgrades designed to introduce deflationary pressure through transaction fee mechanisms.
How the exploit created counterfeit tokens
The December 2025 exploit stemmed from a type confusion vulnerability in Flow’s Cadence runtime, enabling the attacker to create counterfeit tokens without minting new assets or accessing user wallets.
Although user balances remained intact, the attacker successfully bridged out a portion of the duplicated supply, realizing about $3.9 million through venues including Celer and deBridge.
Flow estimates the total duplicated supply at roughly 88 billion FLOW, with more than one billion counterfeit tokens briefly reaching centralized exchanges. Cooperative exchange responses helped contain larger volumes before they could be fully liquidated.
Remaining tokens were isolated on-chain using transaction restrictions under the Isolated Recovery Plan.
The Foundation said this approach was chosen over a rollback after community pushback and technical assessments showed a rollback would not adequately protect bridges or preserve transaction history.
Security guarantees and post-incident reforms
To prevent future incidents involving counterfeit tokens, the Flow Foundation has committed to a series of long-term security guarantees. These include hardened runtime type validation boundaries, expanded regression testing, enhanced supply anomaly detection, and deeper execution-layer monitoring designed to surface irregularities earlier.
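Supply anomaly detection of the kind listed above can be framed as a reconciliation: tokens that appear without a mint event are invisible to a monitor that only watches mints, but they show up when balance snapshots are compared with the supply the mint, burn and transfer ledger implies. The sketch below is an added example, not Flow's code; the event kinds, account names and amounts are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger: (block height, kind, amount, source, destination).
# Event kinds and account names are hypothetical, not Flow's event schema.
EVENTS = [
    (10, "mint", Decimal("500"), None, "alice"),
    (12, "transfer", Decimal("200"), "alice", "bob"),
    (15, "burn", Decimal("50"), "bob", None),
    (18, "transfer", Decimal("100"), "mallory", "bridge"),
]
# Constructed balance snapshots by height. By height 20 "mallory" has held
# 900 tokens that no mint or inbound transfer accounts for.
SNAPSHOTS = {
    0: {"alice": Decimal("1000"), "bob": Decimal("0"), "mallory": Decimal("10"), "bridge": Decimal("0")},
    20: {"alice": Decimal("1300"), "bob": Decimal("150"), "mallory": Decimal("810"), "bridge": Decimal("100")},
}

def ledger_deltas(events, start, end):
    """Net balance change per account implied by events in (start, end]."""
    deltas = defaultdict(Decimal)
    for height, kind, amount, src, dst in events:
        if not start < height <= end:
            continue
        if kind not in ("mint", "burn", "transfer"):
            raise ValueError(f"unknown event kind: {kind}")
        if src is not None:   # burns and transfers debit the source
            deltas[src] -= amount
        if dst is not None:   # mints and transfers credit the destination
            deltas[dst] += amount
    return deltas

def reconcile(events, snapshots, start, end):
    """Return (supply_excess, {account: unexplained balance}) between two snapshots."""
    before, after = snapshots[start], snapshots[end]
    deltas = ledger_deltas(events, start, end)
    unexplained = {}
    for account in set(before) | set(after) | set(deltas):
        expected = before.get(account, Decimal(0)) + deltas.get(account, Decimal(0))
        diff = after.get(account, Decimal(0)) - expected
        if diff != 0:
            unexplained[account] = diff
    # Transfers net to zero, so the sum of deltas is mints minus burns.
    excess = sum(after.values()) - (sum(before.values()) + sum(deltas.values()))
    return excess, unexplained

if __name__ == "__main__":
    excess, unexplained = reconcile(EVENTS, SNAPSHOTS, 0, 20)
    print(f"supply excess: {excess}, unexplained by account: {unexplained}")
```

The per-account result points at where unexplained supply originated, not where it ended up: the 100 tokens forwarded to "bridge" are fully explained by a transfer event, so tracing onward movement still requires following transfers from the flagged account.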
Elevated recovery permissions granted to the Community Governance Council during remediation will be revoked following the completion of all recovery phases. The Foundation also confirmed a review of its bug bounty program, resulting in increased rewards aligned with the network’s higher total value locked.
Finally, Flow said it will improve incident communication protocols to ensure timely updates to partners and clearer distinctions between proposals under consideration and finalized decisions when responding to future threats involving counterfeit tokens.
Moses Edozie is a writer and storyteller with a deep interest in cryptocurrency, blockchain innovation, and Web3 culture. Passionate about DeFi, NFTs, and the societal impact of decentralized systems, he creates clear, engaging narratives that connect complex technologies to everyday life.