The aftermath of the damaging December 27, 2025, security breach on the Flow blockchain continues to ripple through its volatile ecosystem, particularly affecting platforms that offer loans backed by non-fungible tokens (NFTs). While the Flow Foundation has emphasized that no direct user funds were compromised in the incident, the temporary shutdown of the network’s transaction processing capabilities created significant challenges for borrowers and lenders.
The exploit targeted a vulnerability in Flow's execution layer, allowing an attacker to drain approximately $3.9 million in assets before validators halted operations. The urgency of the situation was underscored by a swift response from the Flow team, who promptly communicated through social media channels. A tweet from Flowty noted:
“VERY IMPORTANT – PLEASE READ
As you have likely seen, @flow_blockchain was exploited on December 27. According to the Flow team, no user assets or balances were impacted as part of the exploit. In response, the Flow team initiated a blockchain pause that lasted until 10…”
— Flowty (@flowty_io) December 30, 2025
In an effort to bolster security, the foundation paused the Cadence smart contract environment—a key component for running transactions—until December 29 to implement fixes. However, this precaution fell at a particularly inconvenient time, coinciding with the maturity dates of several NFT-collateralized loans, which left borrowers unable to make repayments or transfer assets.
Flowty, a prominent NFT lending protocol on the network, reported that 11 such loans reached their due dates during the downtime. Out of these, only one loan was settled automatically through a pre-set autopay feature, while eight loans went into default. The remaining two could not be processed due to restrictions on certain accounts linked to the breach.
Even after the network resumed basic operations, persistent issues with token swaps and other functionalities hindered users’ ability to acquire necessary funds for repayments. In response to these complications, Flowty announced on December 30 that it would temporarily halt all loan settlements starting at 2:15 p.m. ET.
With this new policy in place, loans maturing during the recovery phase will neither default nor fully settle; instead, they will remain active in a suspended state referred to as “limbo.” This decision affects both borrowers and lenders. Lenders will forgo additional interest on paused positions, while borrowers, even those with sufficient resources, are unable to close out loans to retrieve their collateralized NFTs.
The rationale behind this decision was to prevent unfair defaults resulting from technical limitations that were beyond users’ control, especially given the unique and often irreplaceable nature of the NFTs used as collateral. To further mitigate risk exposure, Flowty has suspended the creation of new loans and delisted all active offerings from its marketplace.
The broader market has also felt the strain, with the native FLOW token experiencing sharp declines. Following the exploit, it initially fell by around 40% and continued to slide, dropping another 17% to approximately $0.086 by late December, according to market data. As of early January 2026, the token hovers near $0.088, reflecting ongoing investor caution amid the recovery efforts.
This incident serves as a stark reminder of the vulnerabilities inherent in decentralized finance protocols, especially during network disruptions. It underscores the delicate balance between necessary security measures and user accessibility within blockchain ecosystems.



