- final fake flow Recovered from Binance and HTX. Tokens are currently separated on-chain.
- Access to the emergency council will be revoked and recovery powers will end on January 13, 2026.
- forgery flow Decommissioning is scheduled for January 30, 2026, following exposure review.
Flow Network said it had finally recovered the outstanding counterfeits. flow Completed from a centralized exchange. This recovery also includes Binance and HTX, marking the end of the final operational phase of the separation recovery plan. The Community Governance Council carried out the recall. All traced counterfeits flow It is currently isolated on-chain. Permanent destruction is set for January 30, 2026.
An X post from the project confirms the completion of Phase 4 of the Quarantine Recovery Plan. Participants in the validator network approved this obligation through supermajority consensus. Forensic partners are cited as a source of information for tracking and verifying counterfeit token sets.
Completed Isolated Recovery – Counterfeit flow I have recovered
The final collection of outstanding counterfeit goods took place this morning. flow The removal from the remaining centralized exchanges, including Binance and HTX, was carried out by the Community Governance Council.Currently everything is fake flow Tracker… https://t.co/3SNXwXfdkU
— Flow.com (@flow_blockchain) January 12, 2026
Emergency access on January 13th as token burn approaches
The Foundation will then remove any elevated access used during the recovery process. On January 13, 2026, the temporary permit held by the Community Governance Council was scheduled to be revoked. Flo explained that this access is the first emergency measure introduced in the network’s five-year history.
Governance management was emphasized as part of the response. The company said that all powers given to the Governance Council and all actions taken are transparent and auditable on-chain. Approval by a majority of network verifiers is required to proceed with the node software update.
Token destruction remains the final step in eliminating the supply of counterfeit goods from the system. The Foundation scheduled the incineration of the counterfeit tokens on January 30, 2026. External legal counsel and forensic partners are coordinating with the exchange to assess potential user exposure. The platform said it is working with its exchange partners to restore full deposit and withdrawal functionality across all trading venues.
The service has already been restarted on several platforms. According to Flow, Coinbase, Kraken, and Gate have resumed deposits and withdrawals. The foundation said the goal is a full return to normal operations everywhere flow transaction.
Related: Bitfarms pulls out of Latin America to fund North American AI development
According to the Foundation’s timeline, the incident began on December 27, 2025. According to the platform, attackers exploited vulnerabilities in the Flow network to forge tokens and exfiltrate approximately $3.9 million via the bridge. No existing user balances were accessed or compromised.
cadence exploit
Containment measures have reduced the ability to liquidate counterfeit tokens. Flow Network said most of the counterfeit assets were locked on-chain or frozen by exchange partners before liquidation.
Validators have approved decentralized governance measures authorizing the permanent destruction of 100% of counterfeit assets. Network operations resumed on December 29, 2025 and continued with complete transaction history preserved.
Technical details describe the exploit as highly tailored. The attackers deployed over 40 malicious smart contracts in a sequence designed to disable runtime protections. Flow Network said the exploit relied on a three-part attack chain. Each part weakened safeguards that would normally prevent duplication of protected assets.
According to Flow’s report, the attackers first bypassed attachment import validation. Second, the built-in defensive checks were bypassed to circumvent the enforcement rule. Third, the contract initializer semantics were exploited to complete the forgery flow.
Root cause analysis identified a vulnerability in Cadence runtime v1.8.8. This issue has been patched in v1.8.9 and later. This flaw could allow protected non-copyable assets to be disguised as copyable standard data structures.
Replacement coordination became a central part of the restoration. After bridging the assets from the network, the attacker attempted to deposit counterfeit goods. flow Distributed across multiple centralized exchanges. An unusually large deposit triggered a freeze through internal AML protocols.
The platform said around 50% of the fake deposits were returned and destroyed by exchange partners. OKX, Gate, and MEXC were listed as collaborating venues on that stage. The foundation said continued coordination with the remaining exchanges led to the final recall, including Binance and HTX.
Disclaimer: The information provided by CryptoTale is for educational and informational purposes only and is not to be considered financial advice. Always do your own research and consult a professional before making any investment decisions. CryptoTale is not responsible for any financial loss arising from the use of the Content.
