Cardano faced a rare and serious network disruption this week after a malformed ADA delegation transaction triggered a long-standing code flaw and caused the blockchain to split into parallel chains.

The issue, sparked by what the attacker described as a personal AI-assisted challenge, forced exchanges to pause ADA transfers, caused wallet failures on affected nodes, and pushed Cardano into one of the most high-profile recovery efforts in its history. Founder Charles Hoskinson confirmed that the FBI is now investigating the incident as a potential federal cybercrime.

Despite the severity of the disruption, the network eventually recovered within 24 hours. Cardano’s response included emergency hotfixes, rapid coordination among stake pool operators, and strong community mobilization. Hoskinson dismissed claims that the exploit halted the network and highlighted the resilience of the system under stress.

Make sure to share it when the FUD comes rolling in pic.twitter.com/dt3WSVgYvO

— Charles Hoskinson (@IOHK_Charles) November 23, 2025

The incident began with an obscure deserialization flaw that has quietly existed in Cardano’s codebase since 2022. The bug allows a delegation transaction containing an oversized hash to behave differently depending on node version:

This mismatch creates a scenario every blockchain wants to avoid, honest nodes disagree about chain validity.

At around 08:00 UTC on November 21, the crafted transaction went live. Instead of standard rejection, it forced nodes to diverge:

For a short period, Cardano existed as two different chains operating in parallel.

The effects were fast and visible:

Users on social platforms joked that few people even noticed the outage “because nobody uses it,” but under the hood the implications were serious. A live chain split in a top proof-of-stake network is rare and potentially dangerous.

Cardano did not fully go down, but for several hours, the blockchain was operating in two conflicting states.

The Attacker Speaks

The person behind the crafted transaction went public under the name Homer J, offering details about the motivation and method. According to his comments:

He did not present the attack as a malicious campaign but as a technical test of Cardano’s resilience. However, the consequences were real. Because the exploit impacted the live mainnet and triggered service disruptions across wallets, operators, and exchanges, Hoskinson framed the episode as a targeted cyberattack.

He also pointed to activity in a Discord group known as Fake Fred, which has been associated with anti-IOHK sentiment.

Charles Hoskinson Responds

Hoskinson quickly published several updates to address the unfolding situation. He pushed back on the narrative that Cardano was taken offline or “halted,” stating that the network remained live throughout the event.

His key points:

Hoskinson confirmed direct communication with the FBI, contributing to what appears to be one of the first recorded instances where a proof-of-stake network split has led to law enforcement involvement.

The FBI has now opened a formal investigation, treating the issue as a potential federal cybercrime.

Post-Mortem https://t.co/fI3s6hQGQs

— Charles Hoskinson (@IOHK_Charles) November 22, 2025

Once the exploit was active, the network response was immediate. Cardano developers moved quickly and released emergency hotfix software in node versions 10.5.2 and 10.5.3. Stake pool operators rushed to install updates, allowing their nodes to reject the malformed transaction, restore chain consistency, and converge back to the correct history.

Within 24 hours:

The rapid recovery reinforced Cardano’s commitment to reliability. While critics mocked the situation publicly, the actual engineering response demonstrated the project’s ability to navigate a high-stress network challenge in real time.

The attack triggered a public debate about development practices in the blockchain sector. Commentator Nic Carter referred to the incident as the result of “vibe coding,” implying that Cardano’s engineering lacked rigor or best-practice discipline.

Hoskinson pushed back sharply. He argued that the term minimized the seriousness of the exploit and the sophistication of the network’s recovery. He also noted that the bug itself was not a result of sloppy work, but part of the natural maturity process every long-running codebase experiences.

The exploiter himself admitted that the motivation was not ideological but a personal AI-guided challenge. This further undercut the narrative that Cardano had suffered a breakdown due to cultural or organizational failures.

The incident provides several key takeaways for the ecosystem:

Cardano remains one of the most mature and widely scrutinized proof-of-stake networks. The exploit exposed an issue, but it also showed that the network could absorb a live attack, recover under pressure, and continue functioning without catastrophic failure.

Cardano will continue reinforcing its infrastructure to avoid similar edge-case exploits. The event put a spotlight on the importance of:

The FBI’s investigation will move forward, and depending on the findings, the case may become a reference point for how future proof-of-stake security breaches are handled.

For now, Cardano stands on the other side of a stress test that few blockchains ever face live. The network survived the challenge, adapted quickly, and continues operating, stronger, more transparent, and better battle-tested.

Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.

Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!

26 +