The aftermath of the damaging December 27, 2025, security breach on the Flow blockchain continues to ripple through its volatile ecosystem, particularly affecting platforms that offer loans backed by non-fungible tokens (NFTs). While the Flow Foundation has emphasized that no direct user funds were compromised in the incident, the temporary shutdown of the network’s transaction processing capabilities created significant challenges for borrowers and lenders.
The exploit targeted a vulnerability in Flow‘s execution layer, allowing an attacker to drain approximately $3.9 million in assets before validators halted operations.
🚨 VERY IMPORTANT – PLEASE READ 🚨
As you have likely seen, @flow_blockchain was exploited on December 27. According to the Flow team, no user assets or balances were impacted as part of the exploit. In response, the Flow team initiated a blockchain pause that lasted until 10…
— Flowty (@flowty_io) December 30, 2025
In response, the foundation paused the Cadence smart contract environment—a key component for running transactions—until December 29 to implement fixes and ensure security.
This precautionary measure, though necessary, coincided with the maturity dates of several NFT-collateralized loans, leaving borrowers unable to make repayments or transfer assets.
Flowty, a prominent NFT lending protocol on the network, reported that 11 such loans reached their due dates during this downtime.
Only one was settled automatically through a pre-set autopay feature, while eight went into default.
The remaining two could not be processed due to restrictions on certain accounts linked to the breach.
Even after the network resumed basic operations, persistent issues with token swaps and other functionalities hindered users’ ability to acquire necessary funds for repayments.
To mitigate further complications, Flowty announced on December 30 that it would temporarily halt all loan settlements starting at 2:15 p.m. ET.
Under this policy, any loans maturing during the ongoing recovery phase will neither default nor fully settle; instead, they will stay active in a suspended state, often referred to as “limbo.”
The platform intends to establish a specific grace period for repayments once the broader ecosystem regains full stability, although no firm date has been provided.
This decision impacts both parties in the lending process. Lenders will forgo additional interest accumulation on these paused positions, and borrowers—even those with adequate resources—cannot close out loans to retrieve their collateralized NFTs.
Flowty cited the need to prevent unfair defaults caused by technical limitations outside users’ control, especially given the unique and often irreplaceable nature of NFTs used as collateral.
Additionally, to reduce risk exposure, Flowty has suspended the creation of new loans and delisted all active offerings from its marketplace.
The broader market has felt the strain as well, with the native FLOW token experiencing sharp declines.
It initially fell around 40% in the wake of the exploit and continued to slide, dropping another 17% to approximately $0.086 by late December, according to market data.
As of early January 2026, the token hovers near $0.088, reflecting ongoing investor caution amid the recovery efforts.
This incident highlights the vulnerabilities in decentralized finance protocols during network disruptions, underscoring the seemingly fine balance between security measures and user accessibility in blockchain ecosystems.
