Post-Mortem

IOHK_Charles avatar
Charles Hoskinson
@IOHK_CharlesNov 24, 2025

The Spaces reviewed a deep Cardano network partition and reorg caused by a dormant bug from 2022 in a cryptographic library that was exploited on mainnet. Charles Hoskinson detailed a rapid, decentralized recovery: a war room formed within ~25 minutes, exchanges paused deposits/withdrawals, SPOs upgraded within hours, and the canonical chain remained unedited with no double spends. The orphan chain gap was ~964 slots and ~3.9% of transactions did not make the good chain; replay assessments continue. Hoskinson condemned misinformation, clarified that “code is law” does not waive legal recourse, and identified the attacker (Greg Bil Reznev of Yar’s Technologies) as acting with malicious intent. He outlined QA/security upgrades (external audits, monitoring/pub-sub alerts, alternative clients, post-quantum ZK), a one-pager to counter misinformation, and conditional cooperation among entities after the incident. Strategically, he set a DeFi roadmap: Bitcoin integration starting Q1, RealFi yield, multiple stablecoins (including homegrown tier-1), Hydra/Leios scaling, and improved developer/user experience. Lucas and Nico discussed Starstream and NightStream (lattice-based ZK+FHE with GPU acceleration). Community voices raised insurance models, ISO/NIST standards, governance accountability for the Cardano Foundation, and broader macro theses on sound money.

Cardano deep reorg incident postmortem, response, and ecosystem direction

Participants and roles (as inferred from the session)

  • Charles Hoskinson (Input Output Global, founder of Cardano) – principal speaker; led incident response narrative, postmortem, governance views, roadmap.
  • Jerry (community member) – raised on-chain/industry insurance discussion.
  • Lucas (developer; leading Starstream) – dev experience, language tooling, integration with Night Stream.
  • Nico (cryptography/engineering collaborator on Night Stream) – privacy, MEV, identity use-cases, ZK/FHE benefits.
  • Holger (community) – accountability, legal recourse stance.
  • Hari/Hardy (Harmonic Labs developer) – AI for testing/security, coordination with Lace.
  • Bouncer (community) – DEX scalability and Midnight DEX question.
  • General Keck (trader/finance background) – macro/market structure, compliance encoded in smart contracts.
  • Co-hosts/moderators referenced as Ed and others; additional participants asked questions intermittently.

Executive summary

  • A latent bug (dating to 2022 in an obscure cryptographic library) was exploited, causing a network partition that produced an orphan chain alongside the canonical chain. Cardano did not halt; the canonical chain remained unedited and intact. A war room formed within ~25 minutes of the split; a patch was propagated; SPOs, exchanges, and DeFi teams coordinated globally. Within hours, most exchanges locked deposits/withdrawals and began upgrading. The partition healed without manual ledger edits, checkpoints, or centralized override.
  • Impact snapshot (from Charles): gap of ~964 slots between the orphan and canonical chain; ~3.9% of transactions on the orphan chain did not make the canonical chain; replay efforts are underway. There were no double-spends on the canonical chain.
  • Attribution (as alleged by Charles): an attacker with long-standing domain knowledge in the Cardano ecosystem targeted a malformed transaction to his pool, causing the split. He claims forensic links to past testnet (ITN) identity. Charles asserts malicious, premeditated intent and is encouraging affected entities to file complaints with relevant authorities (Australia/US/UK, etc.).
  • Cardano’s recovery was positioned as unprecedented for a large PoS network: decentralized patching by SPOs/exchanges without centralized checkpoint resets or manual ledger intervention. Charles anticipates waves of misinformation and plans a one-pager to counter false narratives (e.g., “Cardano went down,” “manual edits,” “AI discovered the attack,” etc.).
  • Postmortem actions include external audits, stronger testing/simulation, a red-alert pub/sub for urgent coordination, additional monitoring, and faster multi-implementation validation. Alongside core protocol evolution (Leios; transcript captured as “Laos/layouts”), Hydra, and better dev UX, the team aims to harden incident resilience.
  • Broader roadmap and ecosystem direction emphasized DeFi liquidity (stablecoins, oracles, bridges), Bitcoin-to-Cardano flows starting Q1 next year (ramping to 10-figure BTC by ~2027), and RealFi products with demonstrated off-chain lending track record. Midnight (privacy chain) integrations will be mirrored into Cardano, and cryptographic R&D (Night Stream) targets post-quantum ZK/FHE with GPU acceleration.
  • Governance tensions persist between IOG and the Cardano Foundation (CF); the incident catalyzed pragmatic coordination, but Charles conditions any deeper reconciliation on community oversight (elected board, objective KPIs). He criticizes CF’s posture toward Midnight and past events.
  • On “code is law”: Charles distinguishes on-chain immutability (no rollbacks) from off-chain legal remedies when property rights are harmed. He rejects bailouts/ledger edits but supports Treasury-based smart-contract reimbursements if community-approved. He asserts the right of users/businesses to file criminal complaints in their jurisdictions.

Incident overview and timeline

  • Bug origin and discovery:
    • A cryptographic-library bug from 2022 surfaced on testnet a day before the mainnet incident. IOG began patch development immediately after testnet issues were noticed, attempting a silent rollout to reduce exploit risk.
  • Exploit and network partition:
    • An attacker crafted a malformed transaction and submitted it to Charles’ pool (referred to as “rats pool”), triggering a network split: a canonical chain and an orphan (“poison”) chain.
    • Quantitative context: ~964-slot gap; ~3.9% of transactions from the orphan chain did not make the canonical chain. Replay processes began quickly.
    • Cardano did not halt; the canonical chain remained unedited and, upon resync, shows no inconsistencies (per Charles). No canonical double-spends were observed.
  • Response and coordination:
    • War room convened ~25 minutes post-split (around 8:25 AM local time referenced) with CF, Intersect, IOG, and SPOs.
    • To avoid signaling a zero-day, early coordination prioritized silent, priority-based outreach; once the partition manifested, communications escalated quickly and broadly.
    • Exchanges: CF notified exchanges to halt deposits/withdrawals while keeping trading open; many acted within ~3 hours, initiating upgrades. Bootstrap relays were upgraded within ~1 hour. Replay from a lower-density chain segment can take 2–3 hours to sync, contributing to elapsed time despite rapid software deployment.
    • Scaling the patch: 200+ exchanges, hundreds of SPOs, in 100+ countries, without a centralized identity or command structure. IOG/intermediaries shouldered significant one-to-one comms; nevertheless, decentralized operators executed upgrades.
  • Why exchanges can’t just “flip” a fork:
    • Detecting a partition is non-trivial without specialized monitoring; each side appears “right” locally. Symptoms (chain density, timings) require protocol literacy. Exchanges also must follow internal QA to verify binaries and authenticity, which adds time but protects funds.
  • Misinformation management:
    • False claims (per Charles): “Cardano broke/was shut down,” “manual ledger edits,” “AI discovered the exploit,” “a single coder took the network down.” A one-pager will be published for broad sharing and to seed accurate summaries into AI models and community notes.

Attacker attribution and legal stance (as alleged by Charles)

  • Identity and motive (alleged):
    • Named by Charles as “Greg Bill Reznev” of Yar’s Technologies (Melbourne), an early SPO and ITN participant; also linked to SundaySwap as a “scooper.” Charles claims forensic traces to a retired pool registered with real-world identity during ITN. He describes a history of public criticism of IOG/Charles (including affiliation with a “fake Fred” Discord) and interprets targeting his pool as malicious/personal.
    • Charles asserts this was not “responsible disclosure” or pen testing; the attacker did not coordinate with maintainers despite being aware a patch was under development.
  • “Code is law” vs. rule of law:
    • On-chain immutability is preserved; however, off-chain legal rights remain. Charles encourages affected entities to file criminal complaints; he argues that public infrastructure disruption with economic damage warrants legal accountability. He emphasizes no request for government “bailouts,” no chain edits, and no ledger rollbacks.
  • Laws referenced (examples, per Charles; jurisdiction-dependent):
    • US: Computer Fraud and Abuse Act (18 USC §1030), wire fraud, potential critical infrastructure disruption statutes, etc.
    • Australia: Criminal Code provisions relating to unauthorized impairment/access/modification of data and use of carriage services to menace/harass.
    • UK/other jurisdictions: potentially applicable given global user base.
  • Personnel impact:
    • Charles reported a resignation (“effectfully”) over disagreement with filing with the FBI; Charles stands by the legal-recourse stance and is willing to accept further resignations if necessary.

Protocol behavior, detection, and recovery dynamics

  • Ouroboros and partitions:
    • In a partition, both sides locally appear correct; detection requires specialized monitoring (e.g., chain density anomalies). The canonical chain is the longest chain; in this case, it remained the original Cardano history. The “poison” fork was shorter.
  • Recovery mechanics:
    • Rapid patch deployment; SPO/exchange upgrades; replay of the shorter segment takes 2–3 hours; coordination complexity drives total time. Execution in under ~12 hours post-stitching start was presented as a success for a decentralized network of Cardano’s scale.

QA/QC and process improvements

  • Immediate/near-term improvements Charles advocated:
    • Extensive external security audit of the Haskell/Cardano codebase.
    • Stronger testing/simulation frameworks.
    • Red-alert pub/sub infrastructure for urgent signaling among SPOs, exchanges, bridges, and critical infra operators.
    • Enhanced monitoring and use of ZK/post-quantum techniques for stronger checkpointing/assurance.
    • Encourage independent client implementations; audit against formal specs (Project BluePrint; alternative clients help surface divergent behavior early).
    • Continue rollout of Leios (transcript: “Laos/layouts”) and overlay systems; Hydra evolution; support teams like GummyWorm/Sam Leathers.

Ecosystem governance, Foundation relations, and coordination

  • Incident unity vs. long-standing disputes:
    • Despite social/organizational tensions, multiple entities (CF, Intersect, IOG, SPOs) coordinated effectively. Charles praised professionalism during crisis but underscored durable disagreements with CF.
  • Charles’ conditions for reconciliation:
    • Community oversight of CF (board seats elected by token holders/community); objective KPIs; focus on measurable ecosystem growth (DeFi, developer support, integrations). He alleges CF actions (Linux Foundation arrangement reportedly excluding IOG as core developer; Intersect representation; constitutional process disagreements; silence on voucher recovery report; lack of engagement with Midnight) reflect a posture of marginalizing IOG/Charles.
    • Partial reconciliation could occur around standards and network health coordination; deeper reconciliation requires governance changes.

DeFi liquidity, integrations, and roadmap

  • Core integrations and costs:
    • Oracles, stablecoins, and bridges remain critical; commercial quotes suggest $100M+ aggregate for robust coverage. Absent CF co-funding, Charles expects Midnight Foundation/IOG/Treasury to shoulder more.
  • Stablecoins strategy:
    • Target 3–5 stablecoins (large/mid-size/algorithmic), proportional to TVL/MAU/asset mix. IOG has minted an eight-figure USDM amount; urges CF/Emurgo to seed issuance (e.g., CF converting BTC to USDM), and criticizes Emurgo for not committing substantial treasury to USDA at launch.
    • On depegs: asset-backed, redeemable stablecoins should arbitrage back to par; insolvency of backing assets is the true risk. Algorithmic stablecoins remain of interest but need careful design.
  • Bitcoin on Cardano:
    • Dedicated team (GM: Omar Hussein). Start moving BTC in Q1 next year (initially 6–7 figures, low 8 figures), ramping quarterly toward 10-figure BTC by ~2027.
    • Complementary yield/lending products to attract BTC holders who prefer to retain BTC exposure.
  • RealFi and TVL growth:
    • Mid-year launch target for a RealFi product; Charles cites a track record of ~1M microloans in East Africa over 24 months with ~17% returns (off-chain), to be bridged on-chain. Anticipates billions in homegrown stablecoin liquidity in ~24 months via RealFi architecture.
  • Developer and user experience:
    • SIPs (e.g., SIP-143), better DA/composability, improved dev UX; Hydra on mainnet (Delta DeFi launch), Starstream stack for dev tooling and privacy.

Insurance for blockchains (Jerry’s topic)

  • Chain-wide insurance: purchase external policies where certain disasters trigger coverage up to a cap; deductible collateralized by Treasury/foundation. Benefits include insurer-mandated risk reductions and better DR planning.
  • Self-insurance: RWA structure funded by premiums (yield to backers if no events; losses covered when events occur). To revisit in a comprehensive 2026 postmortem.

Night Stream and Starstream: post-quantum privacy and performance stack

  • Night Stream goals (Charles, Nico):
    • Migrate from hash-based to lattice-based cryptography for ZK and fully homomorphic encryption (FHE); unlock recursion and folding natively.
    • Translate lattice math into tensor operations (long-used in AI), enabling linear GPU/NPU acceleration across consumer devices and hyperscale clusters.
    • Leverage confidential compute in modern GPUs (NVIDIA/AMD) to outsource proof generation without revealing data.
    • Unify ZK and FHE in a single stack for privacy-preserving computation, compressed proofs for efficient light verification, and post-quantum security.
    • Use-cases: MEV mitigation via privacy; enterprise-required confidentiality; selective disclosure identity/KYC (e.g., passport chip proofs without leaking PII).
    • Roadmap: Linux Foundation program approved; announcement plans in Hong Kong and at Consensus; current Midnight stack (Plonk/Halo2) to evolve into Night Stream.
  • Starstream (Lucas):
    • Dev ergonomics: advanced language server (rename, hover, symbol intelligence), aiming for ease-of-use and WASM integration; pipeline to translate into Night Stream proofs.
    • “Night Stream” replaces an internal name (“Halo 3” not approved); collaboration among top Cardano language developers.

DEX architecture and performance

  • First-gen Cardano DEXes faced UTXO-model differences vs. Ethereum. Second-gen DEXes that adopt Hydra/Starstream for high TPS and instant finality are expected to win.
  • Charles is personally fond of SundaySwap’s founder but remains neutral; market momentum presently favors Minswap.
  • Hydra reduces on-chain bloat by doing high-throughput activity off-chain with succinct on-chain representations; aligns with Cardano’s original layered vision (SL/CL/AD) for application domains.

AI for testing and development

  • Clarification: the exploit was not discovered by AI (“vibe coding”); it was a domain-expert-crafted attack after observing the testnet event. Charles nonetheless supports AI-driven CI/CD, QA/QC, code generation, pen testing.
  • Coordination: invites Harmonic Labs (Hari/Michaeli) to compare AI approaches with Lace (GM: Brandon Wolf). Aim to accelerate client development and security automation.

Market structure and compliance-by-code (discussion with General Keck)

  • “Can’t be evil” versus “don’t be evil”: encode fair trading rules (e.g., shorting constraints, price/priority/precedence) in smart contracts and settlement logic, rather than rely solely on legal/regulatory enforcement.
  • Policy levers: regulators can certify smart-contract modules as compliant (stick) and provide tax/carrot advantages for compliant usage (e.g., capital gains vs. ordinary income). Global markets require modular compliance flows (ZK proofs for jurisdictional requirements) rather than a single-jurisdiction fiat broker model.

Governance and PR: misinformation and social dynamics

  • Charles expects 1–2 weeks of misinfo waves. Plans a one-pager for broad distribution (and to seed accurate LLM responses/community notes).
  • He laments “victim-mode” dynamics on social channels that inhibit factual debate (e.g., disagreements over treasury minting for stablecoin seed leading to social fallout). Emphasizes data-driven decisioning (market microstructure, OTC depth) over narratives.

Key takeaways and action items

  • Immediate/operational:
    • Continue replay analysis of orphan-chain transactions; coordinate with DeFi, bridges, exchanges to detect anomalies.
    • Publish/share the incident one-pager; proactively counter misinformation.
    • Strengthen monitoring and incident pub/sub; define alerting paths for SPOs/exchanges/bridges.
  • Security/process:
    • Commission external audits of the Haskell/Cardano stack; expand testing/simulation.
    • Advance independent client efforts and formal-spec conformance testing (Project BluePrint).
    • Progress Leios (transcribed “Laos/layouts”), SIPs (e.g., SIP-143), Hydra funding and roadmap.
  • DeFi/liquidity:
    • Seed multiple stablecoins (3–5), prioritize oracles/bridges; explore Treasury-backed reimbursement contracts (no rollbacks) if community-approved.
    • Launch RealFi mid-year; begin BTC bridging in Q1 next year and ramp; align yield products to attract BTC/other L1 assets.
    • Evaluate chain-level insurance (external policy and/or self-insurance RWA) in a 2026 program review.
  • Governance:
    • Maintain crisis-coordination channels across IOG/CF/Intersect/SPOs/exchanges; pursue standards-focused collaboration.
    • Reiterate community oversight asks for CF (elected board, objective KPIs) before any full reconciliation.
  • Legal/communications:
    • Encourage affected users/businesses to exercise legal rights in their jurisdictions; separate on-chain immutability from off-chain recourse.

Risks and open questions

  • Reputational risk: sustained misinformation; need for clear, verifiable incident documentation (technical one-pager, timelines, metrics).
  • Process maturity: speed and reliability of red-alert channels; exchange SOPs for partitions; monitoring coverage across the ecosystem.
  • Security debt: latent bugs in dependency libraries; ensuring third-party crypto libs are audited and fuzzed.
  • Organizational funding: who funds nine-figure core integrations if CF remains reticent; reliance on IOG/Midnight/Treasury.
  • Stablecoin issuance depth: CF/Emurgo participation; market-maker alignment; regulatory posture.
  • Scaling roadmap delivery: Leios timing, Hydra ecosystem funding, SIP adoption, Starstream/Night Stream milestones.
  • Legal outcomes: jurisdictional variations; potential chilling effects on white-hat contributions vs. accountability for malicious acts.

Notable quotes and quantitative anchors

  • Partition gap: ~964 slots; ~3.9% of orphan-chain txs not on canonical chain.
  • Response speed: war room ~25 minutes post-split; many exchanges acted within ~3 hours; bootstrap relays upgraded ~1 hour; replay sync 2–3 hours.
  • Recovery: stitching under ~12 hours once underway; no manual ledger edits, no centralized reset.
  • DeFi growth targets: Q1 start for BTC bridging; aim for 10-figure BTC on Cardano by ~2027; billions in homegrown stablecoin liquidity within ~24 months via RealFi.
  • RealFi track record: ~1,000,000 off-chain loans in EAfrica; ~17% returns; product to go live on Cardano.
  • Leios throughput target (as stated): ~60x; Hydra adoption for DEXes to achieve near-instant finality and very high TPS.

Appendix: Clarifications

  • “AI discovered the attack” claim: Charles asserts false; the attacker allegedly used specialized domain knowledge after seeing a testnet split, possibly using AI tools for translation/implementation, not discovery.
  • “Fork” nomenclature: Participants on the wrong side of a partition don’t immediately know; detection is subtle without specialized telemetry.
  • “Laos/layouts”: References to the scaling program are understood to mean Leios (Cardano’s parallel scheduling/scaling initiative); the transcript captured variants.