Cardano suffered its most severe technical disruption since launching in 2017 when a malformed transaction triggered a 14-hour chain split on November 21, dividing the $14 billion blockchain into competing forks and sparking intense debate over whether the incident constituted a deliberate attack or a testing mishap gone wrong.
The episode - dubbed "Poison Piggy" by developers - exposed a three-year-old bug in Cardano node software that created two incompatible views of the blockchain.
While founder Charles Hoskinson insisted the split was a "premeditated attack" requiring FBI involvement, a developer known as "Homer J" publicly claimed responsibility, characterizing it as a "careless action" during a personal challenge to reproduce a testnet anomaly.
How the Fork Happened
According to Intersect's incident report, the chain split emerged from a serialization bug that first surfaced on Cardano's preview testnet on November 20. Someone submitted a malformed delegation certificate with an oversized hash - essentially delegating to "RATSRATS" instead of "RATS" (Hoskinson's personal stake pool).
Older nodes correctly rejected the invalid hash, while nodes running code updated in November 2024 truncated it and treated it as valid.
The version skew created what blockchain developer Pi Lanningham described in his comprehensive after-action report as two incompatible chains: the "chicken chain" running stricter validation code, and the "pig chain" accepting the malformed transaction. On November 21 at approximately 3:02 AM EST, a near-identical malformed delegation was submitted to mainnet, splitting the network.
Service Degradation and Impact
Lanningham's analysis reveals significant but contained damage. During the 14-hour window, the pig chain produced 846 blocks while the chicken chain generated approximately 13,900 blocks. Transaction inclusion via robust infrastructure slowed dramatically, with delays reaching roughly 400 seconds and block times stretching to around 16 minutes at their worst.
Out of 14,383 observed transactions, 479 - approximately 3.3% - appeared only on the discarded pig chain and never made it to the final canonical history. Most of these, when resubmitted, proved invalid due to expired validity intervals or conflicting inputs. Block explorers struggled to interpret the fractured network, in some cases freezing or displaying contradictory data.
"This constitutes a serious degradation of service for users, but within expected bounds for a high-nines availability of service," Lanningham wrote. He emphasized that while service quality suffered, funds remained secure and the network continued making progress throughout the crisis.
Attack or Accident?
The incident ignited fierce controversy over intent. Hoskinson characterized it as a targeted attack by a "disgruntled stake-pool operator" who spent months seeking ways to harm the network. "It was a targeted attack. Premeditated. It probably took several hours to figure out how to do it… It was a malicious act," Hoskinson stated, adding that the FBI had been contacted.
However, the individual behind the transaction, posting as "Homer J" on social media, offered a different narrative: "Sorry (I know the word isn't enough given the impact of my actions) Cardano folks, it was me who endangered the network with my careless action yesterday evening. It started off as a 'let's see if I can reproduce the bad transaction' personal challenge and then I was dumb enough" to deploy it to mainnet.
The timing raised suspicions - the same anomaly had appeared on testnet just 24 hours earlier, suggesting the exploit was tested before mainnet execution.
Network Recovery Through Consensus
Despite the severity, Cardano's response demonstrated its decentralized governance structure. A patched node was already available thanks to the testnet incident. Overnight, Input Output Global, the Cardano Foundation, Emurgo, Intersect, exchanges and stake pool operators coordinated via emergency calls to upgrade to the fixed version and follow the stricter chicken chain.
There was no protocol-level rollback or centralized "restart." As stake migrated to upgraded nodes, block production on the pig chain slowed while the chicken chain accelerated. Once the healthy fork overtook the poisoned one, Ouroboros' probabilistic finality properties ensured nodes automatically switched to the longer, denser chain.
"This is the concrete evidence of when the Nakamoto consensus worked as intended and converged the network to a single canonical history," Lanningham argued. Hoskinson went further, suggesting the incident would have "killed other chains" but Cardano's design allowed sufficient time for coordinated recovery.
Lessons and Future Hardening
Both Hoskinson and Lanningham acknowledged serious weaknesses exposed by the incident. "The fact the bug appeared at all is a failure of our testing rigor," Lanningham conceded. The reliance on cardano-db-sync left the ecosystem "flying blind" when that component crashed on the malformed transaction. Many stake pool operators upgraded without independently reasoning about fork choice, trusting founding entities' recommendations.
The after-action roadmap calls for stronger fuzzing and spec-driven testing, richer node-to-client protocols enabling wallets and exchanges to implement circuit breakers based on real consensus health, more diversity in monitoring infrastructure, and better education for operators on how Ouroboros behaves under stress.
ADA's price fell approximately 6% during the incident, underperforming broader crypto market recovery and currently trading around $0.41. The modest decline relative to the severity suggests markets viewed the incident as a test of network resilience rather than a fundamental failure - one that Cardano ultimately passed, albeit while revealing areas requiring urgent improvement.
Read next: Cardano Whales Accumulate $204 Million in Four Days Despite 30% Price Decline