SecondFi traces Cardano wallet exploit to address-level issue

CBOE debuts prediction market with S&P 500 contracts img3
Spread the love

Written by Helen Partzstaff writerReviewed by Yohan Yunstaff writer

Written by Helen Partzstaff writer

Reviewed by Yohan Yunstaff writer

SecondFi traces Cardano wallet exploit to address-level issue

Latest NewsPublishedJun 24, 2026

Cardano wallet SecondFi traced the incident to an address-level issue and secured 129 million ADA after attackers drained funds from 374 addresses.

A vulnerability in Cardano-based wallet SecondFi allowed attackers to drain user funds, resulting in major losses.

SecondFi on Wednesday verified it had identified the root cause of the exploit and is now engaging with Cardano ecosystem platforms and blockchain investigators to address the issue.

The company also stated it triggered emergency measures that secured roughly 129 million ADA, which is being transferred to an independent third-party custodian and held for affected users pending verification.

The platform on Tuesday estimated that around 16 million ADA, or $2.4 million, was affected across 374 addresses.

Cardano founder Charles Hoskinson stated SecondFi is not an Input Output Global product and stressed that there is no ownership, control, or business relationship between the wallet and IOG.

SecondFi traces exploit to an address-level issue

SecondFi has not released a comprehensive post-mortem as of publication, but has issued multiple statements confirming a security breach caused by a vulnerability in its Cardano web wallet generation software.

It stated the root cause of the incident was an issue at the address level that affects users when they sign transactions.

Source: SecondFi

“SecondFi’s wallet software exposed the private keys it generated,” Mitchell Amador, CEO of security company Immunefi, told Cointelegraph.

Amador stated that while the blockchain remained secure, the code that generates the keys is the “part nobody audits like a contract.” He added that attackers have increasingly shifted focus toward infrastructure that creates or stores crypto keys rather than blockchain protocols.

Related: AI models led to a ‘vulnerability apocalypse’ in crypto security: Immunefi CEO

“Recovery to another platform or wallet does not mitigate the risk,” SecondFi stated, advising users not to restore their recovery phrases into new Cardano wallets. The guidance differed from recommendations by some community members, who urged users to migrate affected wallets and move funds to newly created addresses.

“We didn’t write the code,” says Hoskinson

SecondFi is a self-custodial platform built on Cardano that rebranded from the Yoroi wallet in April 2026. Yoroi was developed by Emurgo, which describes itself as the “for-profit arm of Cardano,” and was introduced as the first open-source light wallet for the Cardano blockchain.

Hoskinson stated IOG’s incident response team has been in contact with SecondFi since Monday and that the platform requested an independent security audit.

Source: Charles Hoskinson

In a Tuesday video posted on X, Hoskinson stressed that IOG “is not Emurgo,” adding that the company has no influence over Emurgo and cannot speak on its behalf regarding the exploit.

“We didn’t write the code and we’re not connected to it,” he stated.

Magazine: Japanese pension fund tips 1% in crypto, G7 urges action on NK hackers: Asia Express

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

  • Cardano
  • Wallet
  • Hacks
  • Hackers
  • Private Keys
  • Industry

More on the subject

CBOE debuts prediction market with S&P 500 contracts


51 minutes ago

Zoltan Vardai

what-happened-in-crypto-today

Here’s what happened in crypto today


6 hours ago

Cointelegraph

CFTC sues Kentucky after state’s prediction market lawsuits


10 hours ago

Felix Ng

CBOE debuts prediction market with S&P 500 contracts


51 minutes ago

Zoltan Vardai

what-happened-in-crypto-today

Here’s what happened in crypto today


6 hours ago

Cointelegraph

CFTC sues Kentucky after state’s prediction market lawsuits


10 hours ago

Felix Ng



💡 A Greener Way to Earn: Looking for a smarter, more sustainable way to earn and mining crypto? EcoPool Network is a cloud-based mining pool that does the heavy lifting on remote servers — so you earn rewards around the clock without worrying about overheating hardware or sky-high electricity bills. It’s lightweight, battery-friendly, and built for everyday users. Download EcoPool now and start mining & earning smarter today.

Spread the love

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like these