SecondFi, the Cardano wallet formerly known as Yoroi, said it has patched the issue for unaffected users, according to CoinDesk. The flaw sat in SecondFi’s wallet generation system; the source material describes no stolen password and no phishing campaign.
That distinction matters. A bad wallet-generation process can poison the address itself. In this case, SecondFi said moving a seed phrase into another wallet does not fix the exposure because the risk activates when an affected address signs a transaction.
"The security risk occurs when an affected user signs a transaction," the team said on X.
The confirmed loss stands at 16 million ADA, but the exposure was much larger. SecondFi said it secured another 129 million ADA before attackers could reach it, sending those funds to an independent third-party custodian.
ADA was trading around $0.15, CoinDesk reported, its lowest level since 2020.
SecondFi’s most important move after the attacks was not the patch. It was the emergency transfer of 129 million ADA to a third-party custodian before the same weakness could be used against a much larger pool of assets.
That figure dwarfs the confirmed $2.4 million loss. It also explains why blockchain security firm SlowMist estimated total losses could still exceed $20 million once compromised wallets and tokens are fully counted. That higher number remains unconfirmed pending an independent audit.
| Category | Figure reported | Status |
| --- | --- | --- |
| Confirmed drained funds | 16 million ADA, about $2.4 million | Confirmed by SecondFi |
| Affected wallets | 374 wallets | Confirmed by SecondFi |
| Funds secured before attackers reached them | 129 million ADA | Routed to third-party custodian |
| Potential total losses | Could exceed $20 million | SlowMist estimate, audit pending |
SecondFi said an external accounting firm has been engaged to verify the holdings moved to custody. Affected users can submit claims directly to SecondFi.
The practical guidance is blunt: users cannot assume they are safe by importing the same seed phrase elsewhere. The source material says the vulnerability sits at the address level, so a transaction signature from an affected address can trigger the risk.
The three-attack pattern is the detail that should worry SecondFi users most. Repeated exploitation suggests attackers were able to reuse the same weakness before containment measures stopped further drains.
The source material identifies the root cause as SecondFi’s proprietary wallet generation software. A later technical account described the flaw as a deterministic nonce derivation issue in the wallet’s software signer, meaning attackers could reconstruct private keys from public on-chain data once an affected address signed a transaction.
That kind of failure lands squarely in wallet implementation. The Cardano blockchain itself was not described as compromised in the supplied material. The failure point was the software sitting between users and the chain.
For a wallet provider, that is reputationally damaging. Users entrust wallet software with cryptographic hygiene they cannot easily inspect, and a generation or signing flaw can turn ordinary on-chain activity into a security event.
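The nonce-derivation failure described above has one symptom a defender can check from public data. Cardano transaction witnesses carry Ed25519 signatures, and RFC 8032 derives each signature's nonce deterministically from secret key material plus the full message, so a correct signer never produces the same R value (the first 32 bytes of the 64-byte signature) for two different messages. The Python audit below, an added illustration that is not code from SecondFi, the article, or any Cardano project, groups an address's signatures by R and reports any R shared across distinct messages. It distinguishes that case from a rebroadcast of the same transaction, where an identical signature is the expected deterministic behaviour and not a finding. The signature values are constructed for this example and are not real on-chain data from the incident; the record layout (`tx`, `message`, `signature`) is an assumption, not a Cardano node or indexer format.

```python
"""Audit Ed25519 signatures from a single public key for nonce (R) reuse.

A repeated R under two *different* messages means the signer's nonce
derivation ignored part of its required input, the class of flaw that lets
a private key be recovered from published signatures. The same message
signed twice legitimately yields the same signature and is not reported.
"""
from collections import defaultdict
from hashlib import sha256


def parse_signature(sig_hex: str) -> tuple[bytes, bytes]:
    """Split a hex-encoded 64-byte Ed25519 signature into (R, S)."""
    sig = bytes.fromhex(sig_hex)
    if len(sig) != 64:
        raise ValueError(f"expected 64-byte signature, got {len(sig)}")
    return sig[:32], sig[32:]


def find_nonce_reuse(records: list[dict]) -> list[dict]:
    """records: [{"tx": str, "message": bytes, "signature": hex}] for ONE key.

    Returns one finding per R value that appears under two or more distinct
    messages, listing every transaction that shares that R.
    """
    # R -> message digest -> [tx ids]
    by_r: dict[bytes, dict[bytes, list[str]]] = defaultdict(lambda: defaultdict(list))
    for rec in records:
        r, _s = parse_signature(rec["signature"])
        msg_id = sha256(rec["message"]).digest()
        by_r[r][msg_id].append(rec["tx"])

    findings = []
    for r, msgs in by_r.items():
        if len(msgs) > 1:  # same R, more than one distinct message: nonce flaw
            findings.append({
                "R": r.hex(),
                "distinct_messages": len(msgs),
                "txs": sorted(tx for txs in msgs.values() for tx in txs),
            })
    return findings


def _fake_sig(nonce_label: str, s_label: str) -> str:
    """Constructed 64-byte stand-in for a signature (not a real Ed25519 value)."""
    return (sha256(b"R:" + nonce_label.encode()).digest()
            + sha256(b"S:" + s_label.encode()).digest()).hex()


# Constructed sample: tx1 and tx2 are the same transaction seen twice
# (identical signature is expected); tx3 reuses tx1's R under a different
# message (the flaw); tx4 is a healthy signature with its own R.
SAMPLE_RECORDS = [
    {"tx": "tx1", "message": b"pay 10 ADA to addr_x", "signature": _fake_sig("A", "1")},
    {"tx": "tx2", "message": b"pay 10 ADA to addr_x", "signature": _fake_sig("A", "1")},
    {"tx": "tx3", "message": b"pay 50 ADA to addr_y", "signature": _fake_sig("A", "2")},
    {"tx": "tx4", "message": b"delegate to pool_z", "signature": _fake_sig("B", "3")},
]


if __name__ == "__main__":
    for finding in find_nonce_reuse(SAMPLE_RECORDS):
        print(f"R={finding['R'][:16]}... reused across "
              f"{finding['distinct_messages']} messages in {finding['txs']}")
```

This check only catches nonces that actually repeat; a derivation that is predictable without repeating would not show up here, so it complements rather than replaces a source review of the signer.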
Cardano founder Charles Hoskinson acknowledged the incident, while saying the dollar figure was modest compared with other crypto hacks. He also made clear that scale does not soften the hit for users.
"It hurts them whenever they lose anything," Hoskinson said. "This is the unfortunate reality of crypto."
The forensic gaps still matter. Users will want to know when the flaw entered the codebase, how attackers discovered it, whether any reviews missed it, and how SecondFi will prove similar paths are closed.
SecondFi’s next test is execution. The company has said affected users can file claims, an external accounting firm is verifying custodied holdings, and a later report said SecondFi was preparing to return assets to affected users within roughly two weeks after completing a forensic investigation and final balance snapshot.
That is not the same as a confirmed full reimbursement. The supplied material does not establish that every user will be made whole, or that stolen funds have been recovered.
The immediate checklist is clear:
- Technical post-mortem: SecondFi needs to explain the wallet-generation flaw in enough detail for users and auditors to test the fix.
- Affected-wallet review: Users need clarity on which wallets are compromised, which are unaffected, and which actions are unsafe.
- Claims process: SecondFi must show how it will validate balances and handle users whose assets were drained.
- Custody verification: The third-party custodian and external accounting review are now central to user trust.
- On-chain tracing: Whether the stolen funds can be tracked, frozen through exchanges, or recovered remains unresolved in the supplied material.
The watch item is whether the independent audit narrows or confirms SlowMist’s $20 million-plus estimate. If SecondFi can show the patch works, verify the 129 million ADA it secured, and give affected users a clear recovery path, the damage may stay closer to the confirmed theft. If the audit expands the affected set, the SecondFi Cardano wallet exploit becomes less about one drained wallet product and more about whether users can trust the platform’s security review process at all.
- The exploit hit 374 wallets and caused a confirmed loss of about $2.4 million.
- SecondFi said the flaw was in wallet generation software, making simple seed phrase migration insufficient for affected users.
- The emergency transfer of 129 million ADA shows the potential damage was far larger than the confirmed theft.