Cardano Network Splits After Software Exploit Triggers Fork

A crafted transaction exploited a known Cardano bug, splitting the blockchain, halting ADA on major exchanges, spurring an investigation and key resignations.

The Cardano blockchain experienced a network split on Nov. 21 following a crafted delegation transaction that exploited a software vulnerability first reported in 2022, prompting cryptocurrency exchanges to suspend operations and drawing scrutiny from federal law enforcement agencies.

The incident occurred when a malformed transaction passed validation checks on newer node software but was rejected by older systems, creating divergent ledger states across the network, according to technical reports from Cardano’s (ADA) development teams. A developer subsequently disclosed performing the test without implementing proper safeguards.

Cardano engineering teams deployed emergency patches within three hours of the split, according to statements from the project’s core organizations. The network achieved natural consensus the following day as blocks realigned across the system.

During the split period, block explorers displayed inconsistent data while some decentralized finance applications processed transactions on one chain segment as related operations settled on the alternative chain, creating temporary discrepancies in transaction records.

Major cryptocurrency exchanges, including Coinbase and Upbit, temporarily halted deposits and withdrawals of Cardano’s ADA token while monitoring chain stability, according to exchange notifications. Network confirmation times increased and certain transactions failed as nodes attempted to reconcile the forked transaction history.

Cardano founder Charles Hoskinson stated the incident resembled a planned attack and disclosed that federal investigators began evaluating the event after the developer acknowledged responsibility on social media platforms.

Intersect, a Cardano governance organization, issued a fact sheet stating that law enforcement agencies were notified because the transaction was intentionally designed to trigger the known vulnerability. Following the announcement, an engineer at Input Output Global resigned, citing concerns that routine development errors could result in legal consequences, according to public statements.

The ADA token declined in value following the incident before partially recovering losses in subsequent trading sessions, according to market data.