Altcoin NewsDailysyncNews
👁 Reviewed by

Our Editorial Standards

CryptoTale ensures top-quality, reliable content through rigorous expert writing, detailed fact-checking, professional editing, and unique visuals, delivering accessible, valuable articles aligned with strict editorial standards and guidelines

Click for more details

Flow Network Completes Phase 4 Counterfeit FLOW Recovery

Photo of Arslan Tabish Arslan TabishJanuary 13, 2026Last Updated: January 13, 2026
3 minutes read
Flow Network Completes Phase 4 Counterfeit FLOW Recovery
  • Final counterfeit FLOW recovered from Binance and HTX; tokens isolated on-chain now.
  • Flow to revoke emergency council access on Jan. 13, 2026, ending recovery powers.
  • Counterfeit FLOW destruction is scheduled for Jan. 30, 2026, after exposure review.

Flow Network said the final recovery of outstanding counterfeit FLOW has been completed from centralized exchanges. The recovery included Binance and HTX, closing the last operational step of its Isolated Recovery Plan. The Community Governance Council executed the retrieval. All traced counterfeit FLOW is now isolated on-chain. Permanent destruction is set for Jan. 30, 2026.

An X post from the project confirmed the conclusion of Phase 4 of the Isolated Recovery Plan. Validator network participants ratified the mandate through super-majority consensus. Forensic partners were cited as the source for tracing and confirming the counterfeit token set. 

Emergency Access On Jan. 13 As Token Burn Nears

Next, the Foundation would remove the elevated access used during the recovery process. January 13, 2026 was scheduled for revoking the temporary permissions held by the Community Governance Council. Flow described the access as an emergency measure deployed for the first time in the network’s five-year history. 

Governance controls were emphasized as part of the response. The company said every power granted to the Governance Council and every action taken is transparent and auditable on-chain. Majority approval from network validators is required for node software updates to proceed.

Token destruction remains the final step in removing counterfeit supply from the system. The Foundation scheduled the burn of counterfeit tokens for January 30, 2026. External legal counsel and forensic partners are coordinating with exchanges to assess possible user exposure. The platform said it would cooperate with exchange partners to restore full deposit and withdrawal functionality across all trading venues.

Service restoration has already resumed on several platforms. Coinbase, Kraken, and Gate reopened deposits and withdrawals, according to Flow. The Foundation said the objective is a complete return to normal operations everywhere FLOW trades. 

Related: Bitfarms Exits Latin America to Fund North American AI Build

The incident began on December 27, 2025, according to the Foundation’s timeline. The platform said an attacker exploited a vulnerability in the Flow network to counterfeit tokens and extract about $3.9 million across bridges. No existing user balances were accessed or compromised.

Cadence Exploit

Containment actions reduced the ability to liquidate the counterfeit tokens. Flow  Network said most counterfeit assets were contained on-chain or frozen by exchange partners before liquidation. 

Validators ratified a decentralized governance action authorizing the permanent destruction of 100% of counterfeit assets. Network operations resumed on December 29, 2025 and continued with full transaction history preserved.

Technical details described the exploit as highly coordinated. The attacker deployed more than 40 malicious smart contracts in a sequence designed to defeat runtime protections. Flow network said the exploit relied on a three-part attack chain. Each part weakened safeguards that normally prevent duplication of protected assets.

First, the attacker bypassed attachment import validation, according to Flow’s report. Second, defensive checks on built-in types were circumvented to avoid enforcement rules. Third, contract initializer semantics were exploited to complete the counterfeit flow. 

Root cause analysis identified a vulnerability in the Cadence runtime v1.8.8. The issue was patched in v1.8.9 and later. The flaw allowed a protected non-copyable asset to be disguised as a standard data structure that could be copied. 

Exchange coordination became a central part of remediation. After bridging assets out of the network, the attacker attempted to deposit counterfeit FLOW into multiple centralized exchanges. Abnormally large deposits triggered freezes through internal AML protocols.

The platform said about 50% of counterfeit deposits were returned by exchange partners and destroyed. OKX, Gate, and MEXC were named as cooperative venues in that stage. Continued coordination with remaining exchanges led to the final retrieval, including Binance and HTX, according to the Foundation.

Disclaimer: The information provided by CryptoTale is for educational and informational purposes only and should not be considered financial advice. Always conduct your own research and consult with a professional before making any investment decisions. CryptoTale is not liable for any financial losses resulting from the use of the content.

Tags
Photo of Arslan Tabish Arslan TabishJanuary 13, 2026Last Updated: January 13, 2026
3 minutes read

Related Articles

India Tightens Crypto KYC As Nigeria Links Trades To Tax IDs

India Tightens Crypto KYC As Nigeria Links Trades To Tax IDs

January 13, 2026
Europe Tightens Crypto Finfluencer Rules As ESMA Widens Clampdown

Europe Tightens Crypto Finfluencer Rules As ESMA Widens Clampdown

January 13, 2026
PancakeSwap Community Discusses To Reduce CAKE Max Supply

PancakeSwap Community Discusses To Reduce CAKE Max Supply

January 13, 2026
Polymarket Projects 27% Probability for Bitcoin to Reach $100K

Polymarket Projects 27% Probability for Bitcoin to Reach $100K

January 13, 2026
Back to top button