Recently, the Cardano mainnet experienced a brief chain partition due to a maliciously constructed delegation transaction triggering an old deserialization bug.
Community opinion was once chaotic, but the official technical team has publicly released a complete report, clarifying all key facts.
This event, compared to a 'crisis', is more like a real stress test of Cardano's decentralization capabilities.
1. Overview of key facts
The mainnet has never gone down (both chains are continuously producing blocks)
The integrity of the ledger is fully maintained
No funds have been lost
The event automatically converged within 14.5 hours
Ecosystem teams collaborated rapidly to complete the recovery
In a word:
User assets zero risk, network resilience fully validated
Two, how did the event happen?
The attacker constructed a special delegation transaction:
1. The new version nodes (10.3.x / 10.4 / 10.5) will accept the transaction due to the bug
2. The old version nodes will reject the transaction
Thus:
Old nodes transition to a healthy chain
New nodes form a poisoned chain
→ Two chains coexist briefly, but both are producing blocks normally, not affecting fund safety.
Technical highlights:
This is a deserialization vulnerability left by the old code path from 2022, maliciously exploited.
Three, five major rumors vs facts
❌ Rumor 1: Cardano crashed and went offline
✔️ Fact: The chain has never gone offline, both chains continue to produce blocks.
❌ Rumor 2: Funds were stolen / mainnet was hacked
✔️ Fact: No funds were lost, UTxO and the crypto validation layer are completely normal.
❌ Rumor 3: Because no one used it, no one discovered it
✔️ Fact: The issue was captured and reported by SPOs and exchanges within minutes.
❌ Rumor 4: An AI teenager accidentally triggered a disaster
✔️ Fact: The transaction was deliberately constructed → It has been regarded as malicious attack behavior and reported to law enforcement.
❌ Rumor 5: Someone centralized and rolled back the chain
✔️ Fact: No rollback, no 'backdoor switch'.
Recovery was due to the healthy chain having more stake, automatically winning according to Ouroboros consensus.
Four, technical details: Bug source & recovery principles
Bug source: The deserialization flaw belonging to the 2022 legacy code path was only triggered in specific logic paths of the new version nodes
Old nodes reject transactions → maintain a healthy chain
Recovery mechanism: Release patches 10.5.2 / 10.5.3
As SPOs and exchanges upgrade → the healthy chain gains absolute stake advantage, the network automatically converges, no rollback or manual intervention is needed, this is the 'self-healing capability' that PoS consensus design inherently possesses.
Five, which teams participated in the recovery?
This is one of the largest technical collaborations in Cardano's history:
IOG
Cardano Foundation
Intersect
EMURGO
Exchanges (including CEX)
Hundreds of SPOs
Wallet, browser, Indexer teams
Security researchers and community volunteers
Decentralization is not a slogan, but a practical operational capability.
Six, impact on users (most important)
🔵 Funds 100% safe
🟩 Wallets are functioning normally, no action required
🟡 A small number of transactions broadcast to the poisoned chain need to be resent
🟡 Some exchanges temporarily suspended withdrawals (now restored)
No user incurred losses.
Seven, improvements officially initiated after the event
Enhance legacy code test coverage
Strengthen node upgrade coordination mechanisms
Enhanced on-chain monitoring and status alerts
Adopt stricter security processes (Responsible Disclosure)
Intersect launched a comprehensive review of the base code
The final review report will be publicly released.
Eight, significance of the event: a real and successful stress test
This event demonstrated:
✨ Cardano's decentralized self-healing capability
✨ Rapid cross-organizational collaboration among multiple teams
✨ The transparency and rigor of engineering culture
✨ Maintain ledger and asset security even under extreme conditions
#Cardano was not defeated, but instead demonstrated strong resilience!
