Crypto news

24.06.2026
15:02

Critical SecondFi Exploit: Hackers Drain 16 Million ADA, Team Urgently Blocks 129 Million

hack

On June 23, 2026, the SecondFi platform, formerly known as Yoroi Wallet and developed by EMURGO, faced a serious vulnerability in its wallet on the Cardano blockchain. The team immediately switched the platform to safe maintenance mode, temporarily blocking all operations through the interface to assess the scale of the attack.

By June 24, SecondFi confirmed that attackers had gained access to 374 addresses and withdrawn approximately 16 million ADA. At the current exchange rate of about $0.146 per token, the direct damage is estimated at $2.4 million. However, as the data shows, this is only part of the story.

Emergency Measures and Vulnerability Disclosure

In response to the active exploit, the SecondFi team launched an emergency protection protocol. They successfully moved the remaining 129 million ADA to an independent qualified custodian, preventing a total loss of funds. "The funds are held in the interests of the affected addresses," the developers stated, emphasizing that they are working in close coordination with key players in the Cardano ecosystem: IOG, Cardano Foundation, Intersect, and SundaeSwap.

Analysis showed that four withdrawal events were recorded. Three of them were actions by hackers, while the fourth was likely initiated by the team itself to move the 129 million ADA. The cause of the incident has already been found, and a patch has been released for unaffected wallets. The critical vulnerability lies at the address level: the risk arises at the moment of signing a transaction. This means that simply restoring the seed phrase in another Cardano wallet does not eliminate the threat. SecondFi strongly recommends that users do not restore the seed phrase in third-party wallets until further instructions.

Expert Opinions and IOG's Position

Immunefi CEO Mitchell Amador directly pointed to a software error: SecondFi's software exposed the private keys it itself generated. The problem lies solely in the wallet module, not in the Cardano blockchain itself.

Cardano founder Charles Hoskinson was quick to distance his company IOG from the incident. "This is not an IOG product. We have no stake, control, ownership, or business relationship with SecondFi," he stated, comparing the situation to a problem with a Microsoft product for which Apple is not responsible. Hoskinson emphasized that IOG did not write this code and is not associated with it, although SecondFi is backed by EMURGO, one of the co-founders of Cardano responsible for commercial adoption.

My analysis: This incident is a stark example of how fundamental security gaps can arise even within a single ecosystem. Hoskinson's attempt to disavow the problem, even though EMURGO is a key player, sets a dangerous precedent. Cardano users should reconsider their risks when using third-party wallets, even if they are affiliated with the network's founders. While SecondFi deals with the consequences, trust in the ecosystem takes a serious hit.