Cardano’s mainnet experienced a rare chain partition on November 21, 2025 after a malformed staking-delegation transaction exploited a long-standing deserialization bug, briefly producing a “poisoned” branch containing the transaction and a parallel healthy branch that rejected it. The network continued producing blocks on both sides until emergency node upgrades restored convergence later that day; Intersect said no user funds were lost and that a CIP-135 disaster-recovery playbook was prepared but ultimately not needed.
Should Cardano’s Attacker Face The Feds?
What turned a technical postmortem into an industry flashpoint was the public fallout between Cardano founder Charles Hoskinson and Solana co-founder Anatoly Yakovenko over whether the incident should be treated as a federal crime.
Yakovenko opened by praising the protocol behavior rather than the politics: “I am gonna go out on a limb and actually say this is pretty cool. Nakamoto style consensus without proof of work is extremely hard to build. The protocol functioned as designed in the presence of bugs.” He was reacting to Berry Ales’ observation that Cardano “recovered from a minority chain and got rid of the symptom while preserving most of the history and progress since the incident.” Hoskinson replied tersely: “Thanks man. It was a wild day.”
The exchange sharpened when Yakovenko framed exploit traffic as inherent to permissionless networks and warned against involving law enforcement. “Communicating arbitrary bits is fundamentally speech, even if they break the receiver,” he wrote. “The fact that it’s not always the case in the US is lame. Don’t send the feds after the poor guy who f’d up vulnerability disclosure.”
Hoskinson’s counterclaim was that this was not disclosure at all. “It was a premeditated attack by a disgruntled SPO with extensive knowledge of Cardano and who had already observed the testnet fork, the patch efforts, and was in direct contact with the core devs,” he said. According to Hoskinson, the attacker watched the Preview testnet incident, waited through patching efforts, then reproduced it on mainnet.
“We spent hours studying it, reconstructing for mainnet, and then delegating to my personal pool Rats as a message. He only admitted this act after I doxed him in a video then claiming it was a terrible mistake, but somehow neglected to mention it during the entire day while we were fixing it.”
He then argued that intentional exploitation of public infrastructure crosses into criminal territory: “Blackhats exploiting bugs to cause harm to public infrastructure is not a new thing. Its a federal crime because of the catastrophic harm to society such acts could carry. Cardano is a large network and many people derive their entire livelihood from the network’s operation. He hurt every single person in our ecosystem.”
Yakovenko accepted the ugliness of blackhat behavior but maintained that legal escalation is strategically risky in open systems. “Yea. I get it. We have had shitheads that watch public branches for any bug fixes and try to exploit them immediately. It’s a huge pia. Any potential bugs have to be fixed in private and rolled out p2p patches first. It has a chilling effect on the industry if you call in the Feds.” In his “mental model,” if operators run “a system that accepts arbitrary public messages, they are taking on the risk of what happens with any message they receive,” and only permissioned systems with explicit liability framing should be regulated as such.
Hoskinson pressed that model against the realities of regulated finance and cross-chain norms. “Furthermore, are you going to tell all the regulated financial entities that are building on Solana that if they lose money from hackers while using Solana, they shouldn’t file a criminal complaint?” He followed with a direct hypothetical: “So if a blackhat found an exploit in solana and it forked the network resulting in huge losses for your defi community, they should accept its a risk of solana and the blackhat did nothing wrong? What is the remedy?”
Yakovenko’s answer separated moral blame from deterrence. “The blackhat is an absolute piece of shit. The remedy is that we need multiple implementations and formal verification to minimize the risk of that happening… We have to make it impossible.” In his view, prosecution is not a reliable control because serious attackers do not expect to be caught, so resilience must come from engineering redundancy and verification, not the threat of the state.
Intersect’s incident report says the wallet responsible for the malformed transaction has been identified and that authorities including the FBI are being engaged. The immediate Cardano story is a fast-patched validation mismatch that re-converged without rollback. The bigger story is a live, founder-to-founder clash over whether permissionless security failures are primarily a matter for protocol design or criminal law—and what precedent the answer sets for every PoS network, Solana included.
At press time, ADA traded at $0.41.
Featured image created with DALL.E, chart from TradingView.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
