24.06.2026
14:30

SecondFi wallet hack on Cardano: 16 million ADA stolen, emergency measures fail to save all assets

On June 23, the SecondFi team detected a critical vulnerability in its wallet on the Cardano blockchain. The platform was immediately switched to safe maintenance mode, temporarily blocking all user operations through the interface. Developers began analyzing the scope of the incident.

By the next day, June 24, it became known that attackers had managed to withdraw approximately 16 million ADA from 374 addresses. Based on my estimates, given the current ADA price of around $0.146, the total damage amounts to approximately $2.4 million. However, as it turned out, this is not the limit: the SecondFi team announced the launch of emergency measures to protect the remaining 129 million ADA, which were sent to an independent qualified custodian for safekeeping. These funds will be distributed among the affected addresses.

Exploit Details and Ecosystem Reaction

SecondFi is actively collaborating with key players in the Cardano ecosystem, including Input Output Global (IOG), Cardano Foundation, Intersect, and SundaeSwap. The cause of the incident has already been identified, and a fix has been released for unaffected wallets. It is important to note that the vulnerability exists at the address level and manifests when signing a transaction. This means that simply restoring the seed phrase in another Cardano wallet will not solve the problem — risks remain.

Chain analysis shows that four withdrawal events occurred. Three of them were the work of attackers, while the fourth is likely related to the team's own movement of 129 million ADA for protection. SecondFi has not directly confirmed this, but it is the most logical explanation.

Immunefi CEO Mitchell Amador pointed to the root of the problem: the project's software exposed private keys that it itself generated. This is a classic case of a vulnerability at the level of the key generation module, not in the Cardano blockchain itself. This underscores that the attack was specifically aimed at SecondFi's infrastructure, not the protocol.

Position of IOG and EMURGO

Cardano founder Charles Hoskinson was quick to distance himself from the incident, stating that SecondFi is not an IOG product. He emphasized that the company has no stake, control, or business relationship with this project. However, it is worth recalling that behind SecondFi (formerly known as Yoroi Wallet) stands EMURGO — one of the three key co-founders of the Cardano blockchain. EMURGO positions itself as a driver of commercial adoption of the technology, and this incident casts a shadow over the entire ecosystem, despite Hoskinson's attempts to distance himself.

Hoskinson also noted that IOG did not write the code for SecondFi and bears no responsibility for it. This is logical, but for the Cardano community, which is built on principles of decentralization and trust, such incidents are a serious blow to reputation. Recall that in November 2025, there was already a case where a "dormant" Cardano wallet accidentally lost $6.05 million when exchanging 14.4 million ADA through an illiquid pool. Earlier, on-chain detective ZachXBT called Cardano's operational model an "insider enrichment scheme."

My expert opinion: This hack is not a blockchain error but direct negligence on the part of the SecondFi team, which allowed private keys to leak at the level of its own software. For Cardano, this is an alarming signal: security issues at the application level, especially in critical applications such as wallets, can undermine user trust in the ecosystem as a whole. The market has already reacted with a decline, and restoring trust will require EMURGO not only to fix the vulnerability but also to conduct a transparent audit of all its products.