The Flow Foundation is working with independent blockchain forensics organizations to verify the specific token types and quantities associated with this vulnerability attack.

Flow.com posted on platform X that the Flow Foundation has jointly developed a revised remediation plan with ecosystem partners. This plan was finalized after direct consultations with cross-chain bridge operators, exchanges, and infrastructure partners.

After the network restart, as a preventive measure, all accounts identified as recipients of fraudulently minted tokens will be temporarily restricted. The Flow Foundation is working with independent blockchain forensic agencies to verify the specific token types and quantities related to this vulnerability attack.

The core Flow development team will propose a software upgrade to node operators. This upgrade will temporarily authorize the community governance committee to handle fraudulent assets and requires voluntary adoption by independent node operators — no single entity can act unilaterally.

Once consensus is reached among the validator nodes, the following steps will be executed:

Accounts affected by the attack will be temporarily restricted

Affected accounts will be locked and verified through independent forensic analysis

Fraudulent tokens will be destroyed through transparent, auditable on-chain transactions

Each remediated account will immediately have full access restored

After the plan is completed, subsequent upgrades will revoke all temporarily elevated permissions