24.06.2026
16:34

SecondFi Exploit: 16 Million ADA Stolen from Wallets — Incident Details and Cardano Ecosystem Response

On June 23, the SecondFi team detected a critical vulnerability in its own wallet on the Cardano blockchain. In response to the incident, the platform was immediately switched to safe maintenance mode, suspending all operations through the interface until the scale of the attack was determined.

By the next day, June 24, it became known that attackers had managed to withdraw about 16 million ADA from 374 addresses. Based on my estimates, given the ADA exchange rate at the time of the incident (around $0.146), the damage amounted to approximately $2.4 million. This is a serious blow to trust in the service, but fortunately, not fatal for the entire blockchain.

As part of emergency measures, the SecondFi team managed to protect the remaining 129 million ADA. These funds were promptly transferred to an independent qualified third-party custodian for safekeeping in the interests of affected users. Developers have already identified the root cause of the hack and released a fix for wallets not impacted by the attack.

Anatomy of the Attack and the Threat to Private Keys

According to the investigation, four withdrawal events were recorded. Three of them were carried out by attackers, while the fourth was likely initiated by the team itself to move protected assets. Immunefi CEO Mitchell Amador noted that the vulnerability lies in the project's software, which exposed the private keys it generated. The issue affected not the Cardano blockchain itself, but the wallet module responsible for key creation. This is why SecondFi strongly advised users not to restore the seed phrase in other Cardano-based wallets — the risk of compromise remained.

Reaction from Ecosystem Leaders

Cardano founder Charles Hoskinson was quick to distance his company Input Output Global (IOG) from the incident. He emphasized that SecondFi is not an IOG product and that IOG has no stake in it, no control over it, and no business relationship with it. "We did not write this code and are not associated with it," Hoskinson stated, comparing the situation to asking Apple to fix a problem in a Microsoft product.

It is worth noting that behind SecondFi (formerly known as Yoroi Wallet) stands EMURGO — one of the key players and co-founders of the Cardano blockchain. EMURGO describes itself as a company driving commercial adoption of blockchain technology. However, as this incident has shown, even proximity to the founders does not guarantee flawless code security.

My analysis: This hack is yet another reminder that in DeFi and self-custodial wallets, code security is paramount. A vulnerability at the key generation level is a ticking time bomb that could affect not just one, but many wallets. Although the Cardano ecosystem as a whole was not harmed, the reputational damage to SecondFi and indirectly to EMURGO could be significant. Investors and users should exercise heightened caution when choosing wallets, especially those that have not undergone multiple code audits by independent experts.