• Cardano mainnet faced a rare network partition caused by a malicious delegation transaction.  
• Stake pool operators (SPOs) are upgrading nodes to version 10.5.3 to restore full network functionality.  
• No action is required from retail users; exchanges have temporarily paused deposits and withdrawals.  

Cardano’s blockchain experienced a significant disruption early on November 22, 2025, when a specially crafted delegation transaction triggered a network partition on the mainnet.

The incident was first detected during executive workshops in London by Charles Hoskinson, founder of Cardano, who described the event as highly unusual but manageable.

The malformed transaction exploited a cryptographic library bug that has existed since 2022. 

The attack initially appeared on the testnet and was replicated on the mainnet early in the morning, targeting Hoskinson’s pool, “Rats Pool,” and creating two parallel chains.  

Engineering teams quickly deployed hotfixes and coordinated with Cardano Foundation, Intersect, and Emurgo to address the issue. While blocks continued to be produced on both chains, the network maintained stability.

The chain without the poisoned transaction is expected to overtake the compromised one, though some transactions on the orphaned chain will require manual reconciliation.

Exchanges temporarily halted deposits and withdrawals, and SPOs are actively upgrading to node version 10.5.3 to complete the restoration process.  

Also Read: Cardano (ADA) To Lose Top 20 Spot: Market Frenzy Begins

Stake Pool Operators Lead Recovery Efforts

The stake pool administrators contributed to fixing the problem by implementing the new update to the nodes. The update ensured that end users accessed services without experiencing downtime, according to Hoskinson.

The reconciliation process is responsible for comparing blocks from both chains to determine which transactions can be propagated to the main chain.

To ensure that all orphan transactions are handled in the right manner, Intersect has formed a special working group to monitor this process.

The attack has been found quite targeted. The forensics revealed that the malware came from the retire pool, which was linked to Incentivized Testnet, or ITN, as it is widely referred to.

Law enforcement agencies, such as the FBI, will take up this case, as it is considered a felony in multiple jurisdictions.

Cardano Resilience and Future Precautions

The collaborative efforts of Cardano’s teams impressed Hoskinson, who called it a professional example under pressure.

Despite things being tough in 2025 regarding ups and downs in market conditions and growing pains in governance, things could have derailed in a serious way, but things worked out.

The next step will be a review of what happened so that “hidden bugs” like this one can be kept out of current security measures.

Retail users will not be required to take any actions. The SPOs are encouraged to complete upgrades as quickly as possible. An exchange is gradually reverting to normal due to the progress of reconciliation.

Not long after all upgrades are in place, the chains will merge, and all functions at the network level will be restored, according to Hoskinson.

Also Read: Cardano Mainnet Faces Temporary Fork, Node Update 10.5.2 Released