On Saturday, Cardano’s network encountered a brief chain split when a malformed transaction was accepted by nodes running the latest software version but rejected by older releases. The discrepancy led some block producers to follow a “poisoned” branch while others remained on the canonical chain.
The Cardano Foundation and IO Global issued an emergency patch within hours, instructing operators to upgrade node software to eliminate the fork. The patch enforces stricter transaction validation, preventing malformed payloads from being considered valid on any node version.
Investigators traced the malformed transaction to a wallet formerly associated with a testnet stake-pool operator. Charles Hoskinson, Cardano’s co-founder, characterized the incident as a deliberate attack by a disaffected operator seeking to exploit a known protocol vulnerability. “This was not an accident or random error; it was a targeted attempt to divide the network,” Hoskinson said.
Network telemetry showed the chain split lasted approximately 15 minutes, with fewer than ten blocks produced on the forked branch. No user funds were compromised, as the attack did not trigger any token transfers. By Sunday morning, over 95 percent of block producers had applied the patch and re-synced with the canonical ledger.
Cardano developers plan to conduct a post-mortem audit to reinforce protocol resilience and consider additional runtime checks. The incident underscores the importance of maintaining software upgrade consistency across decentralized networks and the need for robust governance processes to respond to onchain threats.
Comments (0)