Although core developers moved quickly to contain the problem, Cardano experienced a temporary split into two chains after a malformed delegation transaction exploited a long-standing bug in critical software libraries, creating a divergence between nodes that accepted the invalid payload and those that rejected it. The malformed transaction, later identified as AI-generated, bypassed standard validation checks by exploiting a deserialization hash error that allowed a transaction with an excessively large hash to pass initial parsing. Newer node implementations accepted the payload while older nodes rejected it, producing a validation mismatch that led to two diverging ledgers, one containing the malformed delegation and another without it. Intersect engineers and node operators coordinated upgrades and monitoring to restore alignment, with upgraded clients such as versions 10.5.2 and 10.5.3 beginning to drive convergence across the network. This incident highlights the complexity and potential liquidity issues in staking environments when network integrity is compromised.
The split produced a “poisoned” chain and a “healthy” chain, with block producers on each branch building different blockchain histories, and the Ouroboros proof-of-stake protocol enabled continued block production on both forks without a complete network halt. This dual progression resulted in delayed block production and disrupted services, as decentralized finance protocols and smart contracts encountered inconsistent states across the forks, generating transaction confirmation delays and temporary inoperability for some wallet providers and dApp services. Exchanges responded conservatively by pausing deposits and withdrawals to avoid embedding conflicting ledger states into custody systems.
Emergency response measures were coordinated rapidly, developers issued a patch to correct the deserialization hash vulnerability, and network-wide upgrade instructions were distributed to staking pool operators and node maintainers to unify chain histories. Reconciliation was achieved after broad adoption of the patched node software, restoring a single canonical chain through coordinated upgrades and roll-forward of valid ledger state, while stiffer operational guidance on timely node updates and library audits was emphasized to reduce future risk. The incident traced to a staking pool operator with testnet pedigree, identified publicly as Homer J, who apologized and acknowledged authorship, and forensic teams treated the event as a deliberate exploit, engaging external investigators.
Market impact included an approximate 7% drop in ADA price amid uncertainty, and the episode underscored the risks of dormant software bugs, the dual-use potential of AI in crafting malformed payloads, and the importance of governance, security audits, and rapid patching to preserve blockchain integrity. All users were advised to update nodes and follow official guidance to minimize further disruption.
