July 06, 2026 ChainGPT

EMURGO: SecondFi Won't Reopen After 16M ADA Hack; Will Focus on Asset Recovery

EMURGO: SecondFi Won't Reopen After 16M ADA Hack; Will Focus on Asset Recovery
EMURGO has announced that SecondFi will not resume normal operations following a major security incident that drained roughly 16 million ADA from 374 addresses. Instead, the company says SecondFi’s future efforts will be limited to recovering affected users’ assets and helping people safely exit the platform. What happened - SecondFi traced the breach to its native Cardano web wallet generation software. The exploit allowed attackers to empty approximately 16 million ADA from dozens of wallets; EMURGO’s public estimate currently cites 374 affected addresses. - In the days after the incident, SecondFi paused affected services and engaged outside security firms to investigate. EMURGO says multiple independent teams are still reviewing the event and the underlying code. Why SecondFi won’t reopen EMURGO made clear it will not return SecondFi to full product operations even after audits are finished. The company says the recovery process — securing assets, identifying victims, and ensuring any return of funds is safe and auditable — takes precedence over restoring normal service. EMURGO warned that publishing preliminary findings could spread inaccurate information and hamper investigations. What EMURGO is doing now EMURGO outlined three immediate priorities: - Asset safeguarding and a recovery fund for affected users. - Wallet status checks and safe migration routes so users can move funds to secure wallets or hardware devices. - Building an auditable, persistent on-chain recovery system in coordination with Cardano ecosystem partners — with an external audit required before any funds are returned. Operational steps and tools - A patch has been submitted to close the vulnerability while reviews continue. - EMURGO plans to launch a quarantined website this week where users can check wallet status and follow official migration steps (the tool is awaiting app-store approval). - A secure wallet export feature is slated to follow, to help users migrate to hardware wallets or other platforms. - An in-person migration workshop will be held in Tokyo to assist users directly. User guidance and risks EMURGO says users who were not affected appear safe based on current information, but still recommends all users migrate away from SecondFi using only official channels and tools. The company warned that scammers have been exploiting the situation with fake recovery links and impersonation attempts, and urged users to ignore unverified messages. Broader context and next steps Security experts warned the total loss could be higher if additional traced addresses prove to be attacker-controlled. EMURGO emphasized that speed is important but safety is paramount — outside audits of the recovery system are required before any funds are returned. The company also noted that this cautious, staged approach mirrors responses by other projects after major incidents, such as Taiko’s staged restart following a bridge attack. EMURGO said it will publish a full “who, what, and why” account once incident reports and code reviews are complete. For now, SecondFi’s role is strictly limited to asset recovery and helping users migrate away from the platform. Users should follow only official SecondFi and EMURGO channels for updates and migration instructions. Read more AI-generated news on: undefined/news