Cardano faced a rare and serious network disruption this week after a malformed ADA delegation transaction triggered a long-standing code flaw and caused the blockchain to split into parallel chains.
The issue, sparked by what the attacker described as a personal AI-assisted challenge, forced exchanges to pause ADA transfers, caused wallet failures on affected nodes, and pushed Cardano into one of the most high-profile recovery efforts in its history. Founder Charles Hoskinson confirmed that the FBI is now investigating the incident as a potential federal cybercrime.
Despite the severity of the disruption, the network eventually recovered within 24 hours. Cardano’s response included emergency hotfixes, rapid coordination among stake pool operators, and strong community mobilization. Hoskinson dismissed claims that the exploit halted the network and highlighted the resilience of the system under stress.
Make sure to share it when the FUD comes rolling in pic.twitter.com/dt3WSVgYvO
— Charles Hoskinson (@IOHK_Charles) November 23, 2025
How the Exploit Happened
The incident began with an obscure deserialization flaw that has quietly existed in Cardano’s codebase since 2022. The bug allows a delegation transaction containing an oversized hash to behave differently depending on node version:
- Updated nodes accept the malformed transaction
- Legacy nodes reject it
This mismatch creates a scenario every blockchain wants to avoid, honest nodes disagree about chain validity.
At around 08:00 UTC on November 21, the crafted transaction went live. Instead of standard rejection, it forced nodes to diverge:
- Newer nodes processed the transaction and moved ahead
- Older nodes stayed on the intended chain
- Validators began producing blocks on two separate histories
For a short period, Cardano existed as two different chains operating in parallel.
Chain Split and Immediate Impact
The effects were fast and visible:
- Around 30% to 40% of nodes followed the poisoned chain
- The rest continued on the healthy chain
- Wallets and decentralized applications on the poisoned side failed
- Stake pool operators missed block rewards
- Binance and other exchanges paused ADA withdrawals and deposits
Users on social platforms joked that few people even noticed the outage “because nobody uses it,” but under the hood the implications were serious. A live chain split in a top proof-of-stake network is rare and potentially dangerous.
Cardano did not fully go down, but for several hours, the blockchain was operating in two conflicting states.
The Attacker Speaks
The person behind the crafted transaction went public under the name Homer J, offering details about the motivation and method. According to his comments:
- It was a personal challenge
- AI helped recreate the malformed delegation
- Similar experiments had already been tested on the Cardano Preview testnet
He did not present the attack as a malicious campaign but as a technical test of Cardano’s resilience. However, the consequences were real. Because the exploit impacted the live mainnet and triggered service disruptions across wallets, operators, and exchanges, Hoskinson framed the episode as a targeted cyberattack.
He also pointed to activity in a Discord group known as Fake Fred, which has been associated with anti-IOHK sentiment.
Charles Hoskinson Responds
Hoskinson quickly published several updates to address the unfolding situation. He pushed back on the narrative that Cardano was taken offline or “halted,” stating that the network remained live throughout the event.
His key points:
- The exploit targeted an obscure edge-case bug
- Issues like this are common in blockchain development
- The network handled the disruption without total failure
- Cardano’s engineering proved its resilience
- The matter has been escalated to federal authorities
Hoskinson confirmed direct communication with the FBI, contributing to what appears to be one of the first recorded instances where a proof-of-stake network split has led to law enforcement involvement.
The FBI has now opened a formal investigation, treating the issue as a potential federal cybercrime.
Post-Mortem https://t.co/fI3s6hQGQs
— Charles Hoskinson (@IOHK_Charles) November 22, 2025
Emergency Recovery Efforts
Once the exploit was active, the network response was immediate. Cardano developers moved quickly and released emergency hotfix software in node versions 10.5.2 and 10.5.3. Stake pool operators rushed to install updates, allowing their nodes to reject the malformed transaction, restore chain consistency, and converge back to the correct history.
Within 24 hours:
- Upgraded nodes rejoined the right chain
- The split resolved
- Wallets and dApps began functioning normally
- Exchanges prepared to lift transaction restrictions
- Cardano’s chain stabilized completely.
The rapid recovery reinforced Cardano’s commitment to reliability. While critics mocked the situation publicly, the actual engineering response demonstrated the project’s ability to navigate a high-stress network challenge in real time.
The “Vibe Coding” Controversy
The attack triggered a public debate about development practices in the blockchain sector. Commentator Nic Carter referred to the incident as the result of “vibe coding,” implying that Cardano’s engineering lacked rigor or best-practice discipline.
Hoskinson pushed back sharply. He argued that the term minimized the seriousness of the exploit and the sophistication of the network’s recovery. He also noted that the bug itself was not a result of sloppy work, but part of the natural maturity process every long-running codebase experiences.
The exploiter himself admitted that the motivation was not ideological but a personal AI-guided challenge. This further undercut the narrative that Cardano had suffered a breakdown due to cultural or organizational failures.
Cardano’s Resilience on Display
The incident provides several key takeaways for the ecosystem:
- The flaw existed since 2022 but remained dormant
- A single malformed transaction was enough to split the chain
- Recovery succeeded because operators and developers acted quickly
- The network never fully went down
- Chain convergence succeeded within one day
- Law enforcement involvement marked a new milestone in blockchain accountability
Cardano remains one of the most mature and widely scrutinized proof-of-stake networks. The exploit exposed an issue, but it also showed that the network could absorb a live attack, recover under pressure, and continue functioning without catastrophic failure.
Cardano will continue reinforcing its infrastructure to avoid similar edge-case exploits. The event put a spotlight on the importance of:
- Rapid code patching
- Security audits
- Node version coordination
- Off-chain monitoring
- Community response systems
The FBI’s investigation will move forward, and depending on the findings, the case may become a reference point for how future proof-of-stake security breaches are handled.
For now, Cardano stands on the other side of a stress test that few blockchains ever face live. The network survived the challenge, adapted quickly, and continues operating, stronger, more transparent, and better battle-tested.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!