A malformed transaction pushed Cardano into a brief chain split on Saturday, as older and newer node versions validated transaction data submitted to the network differently. The mismatch caused some block producers to follow a “poisoned” chain while others stayed on the normal one, prompting an emergency patch and network-wide upgrade instructions.
The incident — which has since been traced to a wallet belonging to a former testnet participant — is being investigated as a potential cyberattack. Cardano ecosystem governance body Intersect said in a post-mortem report that the divergence emerged when newer nodes accepted a malformed transaction that older nodes rejected.
The inconsistency exploited a bug in an underlying software library that validation logic failed to trap. Once propagated, block producers began building on different branches of the chain, creating what the group called a “poisoned” ledger and a parallel “healthy” chain. Devs rushed to deploy patched node software, and operators were instructed to upgrade to rejoin the canonical chain.
Exchanges and wallet providers paused deposits and withdrawals throughout the incident as a precaution, though Intersect said no user funds were lost and most retail wallets were insulated because they relied on components that safely ignored the malformed transaction. Cardano co-founder Charles Hoskinson characterized the event as a targeted, premeditated attack by a disgruntled stake-pool operator who had been seeking ways “to harm the brand and reputation” of Input Output Global (IOG).
He warned the disruption affected all users from block producers losing rewards to DeFi protocols encountering inconsistent state and said restoring full network uniformity could take weeks. There was a premeditated attack from a disgruntled SPO who spent months in the Fake Fred discord actively looking at ways to harm the brand and reputation of IOG. He targeted my personal pool and it resulted in disruption of the entire cardano network.
Meanwhile, an X user posting as “Homer J.” claimed responsibility, saying he acted alone, did not short or sell ADA, and did not intend to cause harm. The user said he relied on AI-generated terminal commands to block external traffic while trying to replicate the malformed transaction and only realized the extent of the disruption when block explorers froze.
“I’m ashamed of my carelessness,” he wrote. “I didn’t have evil intentions, but I endangered the network and caused unnecessary stress. To rely on AI’s instructions on how to block all traffic in/out of my Linux server without properly testing it on testnet first, and then watched in horror as the last block time on explorers froze. I know it’s just some words on the screen but— Homer J (AAA) (@KpunToN00b) November 21, 2025. ADA fell more than 6% following the disruption, leading losses among major tokens, as traders likely reacted to the apparent lack of coordinating large-scale upgrades in decentralized proof-of-stake networks.
