SecondFi maintains two-week recovery timeline after $2.4M Cardano wallet exploit
SecondFi says it is still on track to recover user funds after an exploit drained roughly 16 million ADA — about $2.4 million at the time — from 374 addresses between June 21 and June 23. The team reiterated a planned two-week recovery window and promised a wallet-check tool early next week so users can verify whether their wallets were affected.
What happened
- Attackers emptied ~16 million ADA from 374 wallets over June 21–23. SecondFi estimates the stolen value at roughly $2.4 million at the time of the theft.
- SecondFi has linked the incident to its Cardano wallet generation software, and affected services were paused while engineers investigate.
Recovery plan and status
- SecondFi says engineering teams are pursuing multiple technical recovery routes in parallel to select the safest option for users. The team remains within an estimated two-week timeline.
- EMURGO CEO Phillip Pon said his company completed a forensic review, checked wallet balances, and identified what he called a “clear recovery solution.” EMURGO expects one week to build the recovery system and another week to test it before returns begin.
- SecondFi plans to release a wallet-check tool by early next week so users can confirm whether their wallets were compromised. A secure process for moving assets out of the platform will follow.
Emergency measures and security findings
- As an emergency step, SecondFi moved about 129 million ADA to an independent third‑party custodian to keep more assets away from attackers during the review.
- A technical report from Tibane Labs suggests the root cause may involve an unaudited third‑party SDK that replaced EMURGO’s audited signing code on June 8.
- Security researcher Taylor Monahan criticized the wallet code, saying SecondFi “rolled their own crypto,” intensifying scrutiny because the service — formerly Yoroi — had been trusted by Cardano users for years.
Warnings to users
- SecondFi stressed no user-facing recovery steps requiring action have started. Users are explicitly told to leave wallets untouched until official instructions arrive.
- The project warned it will never ask for private keys, seed phrases, wallet credentials or transfers. It also urged users to avoid depositing additional funds into existing SecondFi wallets.
- SecondFi flagged rising scam activity, with fake accounts and impersonators targeting users. It asked everyone to rely only on official channels and support tickets to avoid phishing or fake recovery links.
What’s next
- The immediate next milestone is the wallet-check mechanism due early next week. That tool should identify affected wallets before any recovery actions begin.
- A full, authoritative technical report from EMURGO or SecondFi is still pending. Until it is published, users must rely on public updates, outside analyses and the project’s recovery notices.
Why this matters
- The incident underscores continuing wallet-security risks for Cardano users and comes as ADA trades near multi‑year lows, adding pressure on trust in custodial and web wallet solutions.
- For affected users, acting prematurely — signing transactions or moving funds without official guidance — could increase risk and complicate recovery.
Practical advice for users
- Do not interact with affected wallets or sign new transactions until SecondFi issues official guidance.
- Do not share seed phrases, private keys or wallet credentials with anyone.
- Only follow instructions from SecondFi’s verified channels and support system.
SecondFi’s ability to restore funds safely and explain exactly what went wrong will be closely watched by Cardano users and the wider crypto community as the team works to complete forensic analysis and deploy the recovery process.
Read more AI-generated news on: undefined/news
