Crypto news

24.06.2026
08:41

SecondFi wallet hack in the Cardano ecosystem: actual losses may exceed $20 million

The SecondFi project, a well-known wallet from the Cardano ecosystem, has officially confirmed a serious security incident. According to preliminary data from the team, the damage is estimated at approximately 16 million ADA (about $2.4 million). However, an independent security analysis indicates that the actual user losses could be catastrophically higher—over $20 million.

Discrepancy in Estimates: From $2.4 Million to $20+ Million

During an internal investigation, it was discovered that the breach was found in SecondFi's proprietary wallet generation software. The vulnerability caused private keys to be created with predictable randomness, making all wallets created through this software vulnerable to attack.

While the project team reports 178 compromised wallets and damages of 16 million ADA, blockchain security experts provide much more alarming forecasts. Analysis of the attacker's fund movements and activity of related wallets shows that the theoretical maximum loss could reach 129 million ADA. An eight-fold gap in estimates is a serious signal indicating that a significant portion of vulnerable wallets has not yet been drained but remains at direct risk.

Reputation Blow and What Users Should Do

SecondFi is a rebranding of one of the oldest and most popular "light" Cardano wallets, Yoroi, developed by EMURGO. With over a million users, this incident deals a serious reputational blow not only to the project itself but to the entire Cardano ecosystem. An attack on such a reputable product feels much more severe than a hack of anonymous DeFi projects.

The project has already suspended operations, entered maintenance mode, and taken a snapshot of balances. The team urges all users who created a wallet through their software to immediately transfer assets to other services. The investigation is ongoing, and the exact amount of losses will be disclosed after the completion of a technical audit involving a third-party blockchain security company.

Expert Opinion: This incident is yet another harsh reminder that even "light" wallets from trusted developers are not an absolute guarantee of security. The key lesson here is that the principle "not your keys, not your coins" remains the cornerstone of crypto security. Cardano users should reconsider their asset storage methods and, for long-term storage, prefer hardware wallets or trusted non-custodial solutions where control over private keys is entirely in the owner's hands.