An overview of the recent network partition event, the technical root cause, and the collaborative response by the Cardano ecosystem to restore full synchronization.

Summary

• Incident: A chain partition occurred on the Cardano mainnet, creating a temporary split in the blockchain history.
• Root cause: A malformed delegation transaction exploited a bug in deserialization code.
• Resolution: Stake Pool Operators (SPOs) are upgrading to node version 10.5.3 to resolve the partition.
• User impact: No user funds have been compromised. Most wallets require no user action.
• Status: The network is converging as the majority of nodes upgrade, and a working group is covering initial data reconciliation over the weekend.

This initial report and overview remains an ongoing incident with support from teams across Input Output | Global, the Cardano Foundation, EMURGO, Intersect and others continuing to monitor and coordinate over the weekend.

What happened: the chain partition

At approximately 08:00 UTC on November 21, 2025, Cardano mainnet experienced a targeted anomaly that resulted in a chain partition. This followed a similar incident on the Preview testnet the day before. The cause of the partition was a malformed delegation transaction that was executed on the Cardano mainnet. This exploited a bug in an underlying software library that was not trapped by validation code. The execution of this transaction caused a divergence in the blockchain, effectively splitting the network into two distinct chains: one containing the ‘poisoned’ transaction and a ‘healthy’ chain without it.

Upon detection of the initial issue on the testnet, engineering teams from Input | Output, the Cardano Foundation, Intersect and other parties formed an incident squad and collaborated in a ‘war room’ setting to develop a solution. Significant support was also lent by Intersect’s security council, EMURGO and many other valued community contributors. 

A hotfix was developed and deployed to prevent the exploit. SPOs, Exchanges and other node users worked quickly and effectively to upgrade their nodes, ensuring that the healthy chain dominated.

Why it happened: technical root cause

The incident was made possible by a specific bug in the deserialization of a hash, which dates back to 2022. This functionality was not used until a year ago.  The bug allowed an oversized hash in a malformed delegation transaction to pass initial validation checks when it should have been rejected. Previous ledger versions and the usual transaction submission tooling had masked this bug, meaning that it was only triggered in recent node versions and using specialised tooling.

While the core Cardano protocol remains robust, this edge-case vulnerability provided a vector for the disruption. The transaction was crafted specifically to trigger this bug on mainnet following its earlier discovery on the Preview network, creating a consensus disagreement between nodes that had processed the transaction and those that had not.  Older nodes, including those used by Daedalus, DB-Sync, light wallets, explorers and other tools rejected the transaction, while newer nodes, including the majority of stake pools, accepted it.  This created the risk of widespread and long-term disruption to normal Cardano users.

It is important to note that the network did not stall. Block production continued on both chains throughout the incident, and at least some identical transactions appeared on both chains. However, to ensure the integrity of the ledger, exchanges and third-party providers largely paused deposits and withdrawals as a precautionary measure.

The response: coordinated mitigation

1. Node upgrade (Versions 10.5.2 and 10.5.3) 

The primary mitigation strategy has been through the release of new node versions, 10.5.2/10.5.3, to address the deserialization issue in newer node versions. These versions were developed following the detection of the Preview issue, fast-tracked, and released to SPOs and other technical stakeholders. Node version 10.5.2 was released at approximately 11:00 UTC, and version 10.5.3 - targeting SPOs compiling from source - was released at approximately 15:30 UTC. As Stake Pool Operators (SPOs) exchanges, and bootstrap relay operators upgraded their nodes, the weight of the ‘healthy’ chain increased. In line with the Ouroboros consensus protocol, the chain with the highest density (the healthy chain) will eventually overtake the poisoned chain, causing the invalid blocks to be orphaned.  This is expected to happen before the end of the day.

2. Data reconciliation working group 

Intersect has established a specialized working group to manage the reconciliation of data. While valid transactions from the poisoned chain may be able to be replayed onto the main chain, or may already appear on the main chain, this group is tasked with ensuring a smooth convergence and cleaning up any data inconsistencies resulting from the partition.

3. Investigation and legal action 

The wallet responsible for the malformed transaction has been identified. Forensic analysis suggests links to a participant from the Incentivized Testnet (ITN) era. As this incident constitutes a potential cyberattack on a digital network, relevant authorities, including the Federal Bureau of Investigation, are being engaged to investigate.

4. Contingency

A disaster recovery plan based on CIP 135 is on standby, should the majority of the network not transition to the correct, patched chain in time. This plan would involve pushing for the adoption of the chain that rejected the erroneous transaction, and require local truncation of the state by nodes that had not transitioned to the correct chain. Details can be found here on the SanchoNet Fire Drill related to CIP 135.

Current status and instructions

The network is currently in a recovery phase. Based on the current rate of SPO upgrades, the two chains are projected to merge back into a single, canonical chain within the next few hours. This chain will reject any further submissions of similarly malformed transactions.

• For SPOs: It is imperative to upgrade to node version 10.5.3 immediately if they are running nodes version 10.3.1, 10.4.1 or 10.5.1.  High participation is required to accelerate network convergence and stability.
• For retail users: No action is required. Wallets such as Daedalus remain secure, since the node version they are using is unaffected by the issue. Users may experience temporary delays in exchange connectivity until the partition is fully resolved.

Thank you to the SPOs, exchange partners and the wider Cardano technical community for your collaboration and agility during a challenging period. Intersect will be convening a working group to do a full retrospective and ‘After Action Review’ once the network has fully normalized. It will publish its technical findings in full. This review will inform future quality assurance processes to prevent similar legacy bugs from impacting the mainnet.