Overview
- Intersect said a crafted malformed delegation transaction on November 20 exploited a cryptographic deserialization flaw first observed on the Preview testnet in 2022.
- Differences between node versions let newer software accept the poisoned transaction while older nodes rejected it, temporarily partitioning the mainnet.
- Engineers issued a hotfix and urged upgrades to cardano-node version 10.5.3, restoring convergence without compromising user funds.
- An X user calling himself “Homer J” publicly admitted to submitting the transaction and apologized, as Intersect engaged authorities including the FBI.
- Charles Hoskinson alleged a premeditated attack by a disgruntled stake-pool operator active in the Fake Fred Discord, while exchanges paused transfers and resynchronization continues.