Binance Delists Flow Pairs After $3.9M Hack, Adds Tokens to Risk Watchlist

In a Friday announcement, Binance confirmed the elimination of nine spot trading pairs from its exchange, with the changes taking effect on Saturday. Among these was the FLOW/BTC spot trading pair. Separately, Binance Margin also announced the delisting of FLOW/BTC margin trading pairs, effective January 3, 2026, at 04:00 UTC. In an additional notice, the exchange included FLOW and three other tokens on its monitoring tag list, a designation used to inform users about elevated risk profiles.

The Flow Foundation confirmed that the exploit on December 27, 2025, targeted a vulnerability in the network’s execution layer, allowing an attacker to mint unauthorized tokens and siphon approximately $3.9 million in assets. Data from an official Flow Foundation report and analysis from partners like Find Labs confirmed the $3.9 million withdrawal.

Following the exploit, the Flow Foundation noted it was concerned by one exchange’s handling of this incident, referring to an AML/KYC failure that allegedly allowed the hackers to deposit the stolen FLOW tokens, convert a substantial portion to Bitcoin, and withdraw over $5 million within hours before the network was halted. Some users speculated that this unnamed exchange could have been Binance.

In response, Binance stated it had traced and frozen the hacker’s remaining funds held on its platform to protect users. The exchange also urged the Flow project team to provide a detailed post-mortem of the exploit and emphasized that if the Flow team implements any recovery mechanism, Binance exchange wallets should be excluded from such rollbacks to prevent complicating user balances.

The delisting and addition to the Watchlist by Binance are direct responses to the $3.9 million security breach on the Flow blockchain. Binance applies the monitoring tag to tokens that exhibit notably higher volatility and risks compared to other listed tokens, indicating a risk of these tokens no longer meeting listing requirements. This measure aligns with Binance‘s risk management protocols, which include close scrutiny for potential volatility, project viability, and regulatory compliance to enhance user awareness regarding assets with elevated risks.

The exact identity of the exchange that Flow referred to regarding the alleged AML/KYC failure remains officially unconfirmed by Flow. The precise date when the Flow Foundation‘s expected comprehensive post-mortem report and complete ecosystem restoration were finalized is also not specified in the current announcements.

As of last Friday, the Flow Foundation indicated it was actively working on fully restoring the blockchain ecosystem. Their plan includes addressing user account restoration and remediating fraudulent tokens. The foundation had initially projected a comprehensive post-mortem report on the hack within 48 hours and complete ecosystem restoration expected this week following their announcement. The network entered a phased recovery, with the Cadence environment returning to normal operations, while the EVM environment was temporarily limited to read-only mode.

Users who held FLOW tokens on Binance or other exchanges should monitor official announcements from both Binance and the Flow Foundation for updates on the restoration process and any potential impact on their assets.

• Review their portfolios for exposure to FLOW and other tokens designated with monitoring tags on Binance.
• Exercise caution with tokens identified as having higher risk profiles due to increased volatility or potential listing requirement concerns.
• Stay informed by checking official Binance announcements regarding delisted pairs and risk warnings. Binance News
• Consult the Flow Foundation‘s official channels for details on the ongoing recovery efforts and post-mortem reports.
• Understand the implications of execution layer vulnerabilities in blockchain networks. For more technical context, see Bitrue’s analysis of the Flow hack.