Share
Cardano’s blockchain split for the first time in eight years on November 21, 2025, after a developer triggered a long-dormant software bug in a self-described “careless experiment” prompting founder Charles Hoskinson to alert the FBI and other authorities amid accusations of a premeditated attack.
The incident report showed that the attack occurred at 08:00 UTC when a malformed delegation transaction exploited a deserialization vulnerability bug in the Cardano node software. Newer node versions processed the transaction, while older ones rejected it, creating two incompatible ledger states and fragmenting the network into competing chains.
Block production continued on both, but transaction confirmations slowed to minutes or failed, and DeFi protocols displayed inconsistent balances.
Developer Homer J, an independent contributor to Cardano’s Plutus scripting language, claimed responsibility on X, claiming the endeavor began as a personal challenge to “reproduce the bad transaction”, and consequently relied heavily on “AI’s instructions on how to block all inbound/outbound traffic” of the Linux server “without properly testing it first”. He wrote, “I’m ashamed of my carelessness and take full responsibility for it.”
The exploit revived questions about a testnet issue from November 20, raising concerns about prior testing.
Sorry (I know the word isn't enough given the impact of my actions) Cardano folks, it was me who endangered the network with my careless action yesterday evening. It started off as a "let's see if I can reproduce the bad transaction" personal challenge and then I was dumb enough
— Homer J (AAA) (@KpunToN00b) November 21, 2025
Hoskinson quickly labeled it a personal and premeditated attack on X, and claimed Homer J was “trying to walk it back” as a consequence of FBI involvement. He coordinated with Input Output Global (IOG), the Cardano Foundation, Intersect, and EMURGO to notify U.S. law enforcement and international regulators.
Cardano works so fast that we forked, fixed, and caught the guy all in one day. He was quite active in the Fake Fred discord. It was absolutely personal and now he's trying to walk it back because he knows the FBI is already involved https://t.co/MNK6d7bEWv
— Charles Hoskinson (@IOHK_Charles) November 21, 2025
An IOG employee known as Roman (X user “effectfully”), a Plutus developer, resigned hours later, citing fears of legal repercussions. “I didn’t realize there was a risk of getting raided by the authorities because of that + saying mean things on the Internet,” he wrote.
Just submitted my resignation letter.
I've fucked up pen testing in a major way once. I've seen my colleagues do the same. I didn't realize there was a risk of getting raided by the authorities because of that + saying mean things on the Internet.
If the Cardano community wants… https://t.co/HFr5KKs8gF
— effectfully (@effectfully) November 22, 2025
In a pushback against calls for prosecution by the authorities, developer Patrick Tobler (@Padierfind), argued that “Cardano is supposed to be secure” and “the code is supposed to be the law.” This places responsibility on delegators and stake pool operators for unpatched flaws, not the exploiter.
For the record: I highly disagree with everyone who's calling for authorities.
Cardano is supposed to be secure. The code is supposed to be the law.
If the code is flawed & you can do a transaction like this, then we (the Delegators + SPOs) are the ones responsible. Not the… https://t.co/6r0hoHsXMU
— Patrick Tobler (@Padierfind) November 22, 2025
In a swift reaction to the incident, IOG and partners rolled out emergency patches within three hours, restoring consensus by November 22 as nodes converged on the valid chain. Major exchanges responded variably, with Coinbase suspending ADA deposits and withdrawals for 14 hours (12:15 UTC on November 21 to 02:10 UTC on November 22). Meanwhile, the likes of Kraken, Upbit and Binance and others paused for shorter periods.
Following the split, ADA fell as much as 16% to $0.37 before recovering to $0.41 by November 24. Trading volume spiked 40% to $1.2 billion in the 24 hours following the event.
The incident showed Cardano’s reliance on unpatched legacy code and the tensions in open-source development. While Homer J could face potential civil liability, the FBI involvement is attracting growing scrutiny on blockchain disruptions. As events unfold, Cardano’s team plans a full audit of node software for the upcoming Chang hard fork in December 2025.
Share
