29
On November 21, the Cardano blockchain suffered a major chainsplit after someone created a transaction that exploited an old bug in Cardano node software, causing the chain to split. The person who submitted the transaction fessed up on Twitter, writing, "It started off as a 'let's see if I can reproduce the bad transaction' personal challenge and then I was dumb enough to rely on AI's instructions on how to block all traffic in/out of my Linux server without properly testing it on testnet first, and then watched in horror as the last block time on explorers froze."Charles Hoskinson, the founder of Cardano, responded with a tweet boasting about how quickly the chain recovered from the catastrophic split, then accused the person of acting maliciously. "It was absolutely personal", Hoskinson wrote, adding that the person's public version of events was merely him "trying to walk it back because he knows the FBI is already involved". Hoskinson added, "There was a premeditated attack from a disgruntled [single pool operator] who spent months in the Fake Fred discord actively looking at ways to harm the brand and reputation of IOG. He targeted my personal pool and it resulted in disruption of the entire cardano network."Hoskinson's decision to involve the FBI horrified some onlookers, including one other engineer at the company who publicly quit after the incident. They wrote, "I've fucked up pen testing in a major way once. I've seen my colleagues do the same. I didn't realize there was a risk of getting raided by the authorities because of that + saying mean things on the Internet."
“I know! I’ll use one bogus technology to test another bogus technology! What could possibly go wrong?”
Someone discovered an exploit on cardano (a blockchain) that allowed for a “bad” transaction (think spending the same coin twice, or rejecting a transaction that was already valid).
This got some discussion but an actual fix wasnt the priority. Someone else decided to try and see if they could intentionally create a similar bad transaction.
There is a dedicated test chain which is specifically for those kind of tests but instead of choosing to do the bad transaction on the test chain, the person thought they would just block all internet traffic on their computer, but instead of doing that correctly by unplugging their ethernet cable or turning off the wifi, asked chat GPT how to block traffic ans chatGPT guessed wrong.
… Its a pretty weak excuse IMO. It doesnt sound like the exploit was vibe coded, just that the person trusted instructions about blocking connections from GPT. Like if this was a professional they would be fired immediately for such incompetence, but it sounds like it was not a professional.
Ultimately the problem is that they made the choice to use the main blockchain instead of the test one, that makes their defense of it being an accident a bit weak.