Network Splits in Two as Attacker Uses AI-Generated Script to Exploit Bug

A malformed transaction pushed Cardano into a brief chain split on Saturday, as older and newer node versions validated transaction data submitted to the network differently.

The mismatch caused some block producers to follow a “poisoned” chain while others stayed on the normal one, prompting an emergency patch and network-wide upgrade instructions.

The incident — which has since been traced to a wallet belonging to a former testnet participant — is being investigated as a potential cyberattack.

Cardano ecosystem governance body Intersect said in a post-mortem report that the divergence emerged when newer nodes accepted a malformed transaction that older nodes rejected.

The inconsistency exploited a bug in an underlying software library that validation logic failed to trap. Once propagated, block producers began building on different branches of the chain, creating what the group called a “poisoned” ledger and a parallel “healthy” chain.

Devs rushed to deploy patched node software, and operators were instructed to upgrade to rejoin the canonical chain.

Exchanges and wallet providers paused deposits and withdrawals throughout the incident as a precaution, though Intersect said no user funds were lost and most retail wallets were insulated because they relied on components that safely ignored the malformed transaction.

Cardano co-founder Charles Hoskinson characterized the event as a targeted, premeditated attack by a disgruntled stake-pool operator who had been seeking ways “to harm the brand and reputation” of Input Output Global (IOG).

He warned the disruption affected all users from block producers losing rewards to DeFi protocols encountering inconsistent state and said restoring full network uniformity could take weeks.