Layer-1 network Flow scrapped plans to roll back its blockchain after a $3.9 million exploit, reversing course after pushback from ecosystem partners who warned that rewriting chain history would undermine decentralization and create operational risks.
Instead, the network released a statement on Dec. 29 saying it will restart from the last sealed block before transactions were halted on Dec. 27, preserving all legitimate transaction history, according to a recovery plan shared with partners. The revised approach avoids a chain realignment and instead targets fraudulent assets through account restrictions and token destruction.
The exploit and the initial rollback proposal weighed heavily on the FLOW token, which is down about 42% since the incident, CoinGecko data shows.
What happened
Over the weekend, Flow confirmed the attack on X, stating that it exploited a vulnerability in its execution layer but did not compromise existing user balances, noting that all legitimate deposits remain intact.
To recover the funds and reverse the exploit, Flow originally proposed the rollback proposal via X on December 27th. Under the rollback recovery framework, accounts that have received fraudulent tokens will be temporarily restricted while those assets are withdrawn and burned, and affected decentralized exchange pools will be rebalanced using tokens held by the fund.
Rolling back transactions on a blockchain has previously been discussed by the community as a potential way to return a network to a state prior to a specific event, in this case the attack. The reversal would effectively erase the malicious transactions and restore lost funds. While the idea is to help a hacked network, this raises questions about the fundamentals of cryptographic networks: decentralization. No centralized entity can change the blockchain network and ensure that it remains immutable and free from manipulation. But if a rollback happens, it effectively means that a centralized entity will be able to change how the network works.
The Flow episode unsurprisingly renewed this debate about how decentralized the network is during crisis situations, as foundations and validators weigh intervention against immutability. In the case of Flow, sharp criticism came from developers and infrastructure providers, who warned that it could force days of reconciliation work for bridges and exchanges and introduce replay risks.
For example, Alex Smirnov, co-founder of deBridge, one of Flow’s major bridge providers, told X that his company received “zero communication or coordination” from Flow before the rollback plan was launched. He warned that a rollback could have created unsettled liabilities for users who entered or exited assets under the affected window.
‘I like their new plan’
After the backlash, Flow said it has revised its original plan in response to feedback received from the community.
The new plan still relies on extraordinary management measures, including a temporary software upgrade that gives the network service account powers that don’t exist during normal operations. Validators must approve the change, and Flow says the permissions will be revoked once the remediation is complete.
The decision not to go through with the rollback plan was applauded by some industry observers.
Blockchain analyst Matthew Jessup said Flow’s new recovery plan is sound and, unlike the original rollback, has no decentralization implications. “I like their new plan. It relies on validators to comply and approve. Keeping the EVM chain read-only is a good decision as it gives the team time to fix the exploits.”
However, it remains unclear whether the $3.9 million taken in the exploit can be recovered, as experts have cast doubt on this possibility.
Recovering hacked funds largely depends on where they end up, Grant Blaisdell, co-founder of blockchain analytics firm Coinfirm and CEO and co-founder of Copernic Space told CoinDesk. “Whether the funds landed on a centralized exchange, how quickly the incident was reported and the exchange’s willingness to cooperate all play a role,” he said. “Once the funds are disposed of, recovery becomes a complex legal process across multiple jurisdictions.”
Jessup also said he doubts they can recover the assets, noting that the hacker moved them into the Bitcoin network after the attackers mostly transferred assets outside the network through bridges in the Ethereum network. This was confirmed in an X post by B-Block, an Arkham partner.
Read more: Arthur Hayes Floats Idea of Rolling Back Ethereum Network to Negate $1.4B Bybit Hack, Drawing Community Ire
