Flow sought a blockchain “rollback” after a $3.9 million hack. Then came the community reaction.

Layer 1 network Flow scrapped plans to roll back its blockchain following a $3.9 million exploit, reversing course after pushback from ecosystem partners who warned that rewriting the chain’s history would undermine decentralization and create operational risks.

Instead, the network issued a statement on Dec. 29 saying it will restart from the last sealed block before transactions were stopped on Dec. 27, preserving all legitimate transaction history, according to a recovery plan shared with partners. The revised approach avoids a chain reorganization and instead targets fraudulent assets through account restrictions and token destruction.

The exploit and initial rollback proposal weighed heavily on the FLOW token, which is down approximately 42% since the incident, CoinGecko data shows.

What happened

Over the weekend, Flow confirmed the attack on

To recover the funds and revert the exploit, Flow initially put forward the rollback proposal on X on December 27. Under the rollback recovery framework, accounts that received fraudulent tokens will be temporarily restricted while those assets are withdrawn and burned, and affected decentralized exchange pools will be rebalanced using tokens held by the foundation.

Rolling back transactions has been discussed in the crypto community before as a way to return a network to its state prior to a specific event, in this case the attack. A rollback would effectively delete the malicious transactions and restore the lost funds. While the idea is to help a hacked network, it raises questions about a fundamental property of crypto networks: decentralization. No centralized entity is supposed to be able to alter the blockchain, which is what keeps it immutable and free from manipulation. If a rollback occurs, it effectively means that a centralized entity is able to alter the operation of the network.

Unsurprisingly, the Flow episode renewed the debate about how decentralized networks really are during crisis situations, as foundations and validators weigh intervention against immutability. Flow's rollback proposal came under heavy criticism from developers and infrastructure providers, who warned it could force days of reconciliation work for bridges and exchanges and introduce replay risks.

For example, Alex Smirnov, co-founder of deBridge, one of Flow’s main bridge providers, said on X that his company received “zero communication or coordination” from Flow before the rollback plan was raised. He warned that a rollback could have created unresolved liabilities for users who connected or withdrew assets during the affected window.

‘I like your new plan’

Following the backlash, Flow said it revised its initial plan in response to feedback received from the community.

The new plan still relies on extraordinary governance measures, including a temporary software update that gives the network service account powers that do not exist under normal operation. Validators must approve the change, and Flow says the permissions will be revoked once the fix is complete.

Some industry observers applauded the decision not to move forward with the rollback plan.

Blockchain analyst Matthew Jessup said Flow’s new plan is solid and, unlike the original rollback plan, has no decentralization implications. “I like their new plan. It relies on validators to comply and approve. Keeping the EVM chain in read-only mode is a good decision as it gives the team time to fix exploits.”

However, it is still unclear whether the $3.9 million taken in the exploit can be recovered, as experts have cast doubt on this possibility.

Recovery of hacked funds largely depends on where they end up, Grant Blaisdell, co-founder of blockchain analytics firm Coinfirm and CEO and co-founder of Copernic Space, told CoinDesk. “The fact that the funds landed on a centralized exchange, the speed with which the incident was reported, and the exchange’s willingness to cooperate all play a role,” he said. “Once the funds are withdrawn, recovery becomes a complex legal process in multiple jurisdictions.”

Jessup also said he doubts they can recover the assets, noting that the hacker has moved them to the Bitcoin network, after the attackers transferred most of the assets off the network via bridges on the Ethereum network. This was confirmed in an X post by B-Block, an Arkham partner.

Read more: Arthur Hayes raises idea of rolling back Ethereum network to overturn $1.4 billion Bybit hack, drawing community ire


