Crypto news

24.06.2026
09:44

The SecondFi hack in the Cardano ecosystem: the actual damage may exceed $20 million

The SecondFi project, a key player in Cardano's infrastructure, has faced a serious security incident. The team's initial assessment indicates a loss of approximately 16 million ADA (about $2.4 million), but an independent analysis conducted by blockchain security experts shows that the actual damage could be significantly larger—up to $20 million or more.

Nature of the Vulnerability

The root of the problem lies in SecondFi's proprietary wallet generation software. The investigation revealed a critical flaw: the algorithm used created private keys with predictable randomness. This means that an attacker, after analyzing the generation mechanism, could compute the keys to any wallet created through this software. Preliminary estimates suggest that around 178 wallets were compromised.

Discrepancy in Estimates: $2.4 Million or $20 Million?

The SecondFi team currently estimates the losses at 16 million ADA, but experts from SlowMist, after analyzing the movement of funds, have reached different conclusions. According to their data, losses linked to the incident could be up to 129 million ADA and other tokens. The nearly eightfold gap in estimates suggests that some compromised wallets have not yet been drained but remain vulnerable. In effect, we are witnessing a situation where a "time bomb" is still active.

Impact on the Ecosystem

SecondFi is a rebranded product of Yoroi, one of the most popular "light" wallets for Cardano, developed by EMURGO. With over a million users, this incident delivers a reputational blow that is felt much more strongly than a hack of an anonymous DeFi project. It directly undermines trust in the blockchain's own infrastructure.

Currently, SecondFi has suspended operations and entered maintenance mode. The team has taken a snapshot of balances and urges all users who created a wallet through their software to immediately transfer assets to other services. The exact amount of losses will be disclosed after the completion of a technical audit.

Expert Opinion

This case is a stark reminder that even respected and long-standing projects are not immune to fatal errors in their core code. The SecondFi incident undermines trust in an entire class of "light" wallets and highlights the critical importance of using hardware solutions and cold storage for significant amounts. The market will be closely watching how EMURGO works to restore the reputation of its product.