SecondFi says a Cardano wallet generation flaw caused user losses, while the ADA blockchain was not hacked.
A security incident tied to SecondFi has raised concern across the Cardano ecosystem. The company said the Cardano blockchain was not hacked.
SecondFi, formerly Yoroi, said the issue came from its native Cardano web wallet generation software. The problem was linked to wallet creation.
Reports said affected Cardano users lost millions after the flaw was exposed. SecondFi has not shared a full public loss report.
The team said it completed an on-chain review of the affected activity. It is also finalizing an outside technical review.
Reported losses include about 16 million ADA, worth around $2.4 million, plus tokens and NFTs.
Not a Cardano Blockchain Hack, SecondFi Says
To be clear, this was not a hack of the Cardano ADA blockchain. The incident affected the SecondFi wallet, formerly known as Yoroi.
The reported root cause involved native Cardano web wallet generation software, not the chain.
To be clear: this is NOT a hack of the Cardano $ADA blockchain.
It affected the SecondFi wallet (formerly Yoroi).
Root cause was regarding their native Cardano web wallet generation software, not the chain.
Still harsh hit for the ecosystem, hopefully resolution for affected…
— Cardanians (CRDN) (@Cardanians_io) June 23, 2026
SecondFi said it had isolated the root cause of the recent security incident. The company stated that the issue was limited to its native Cardano web wallet generation system.
It also said the Cardano blockchain itself was not affected.
The case remains a difficult setback for the Cardano ecosystem, based on the scale of user losses.
Affected users are now waiting for more details from SecondFi. The company has said it is working toward a resolution.
Private Key Exposure Linked to Wallet Creation
Reports said the flaw exposed private keys during the web wallet creation process. That exposure allowed attackers to gain access to affected self-custody wallets. Around 178 wallets were reportedly drained during the incident.
Private keys control access to funds held inside crypto wallets. When those keys are exposed, attackers can move assets without breaking the blockchain. This makes wallet security a key part of self-custody protection.
SecondFi said it has completed an onchain analysis to review the affected wallet group. The company is also finalizing an independent technical review. A leading blockchain security firm is expected to validate the company’s findings.
Cardano V11 Hard Fork Advances as Discord Clash Fuels Governance Fears
SecondFi Enters Maintenance Mode After Losses
The reported stolen assets include about 16 million ADA from affected users. The value was estimated at around $2.4 million when the figures were shared.
Other Cardano-based tokens and NFTs were also reportedly stolen.
🚨CARDANO USERS HIT BY FRESH WALLET DRAIN!!!
A critical flaw in SecondFi, the rebranded Yoroi wallet, exposed private keys during web wallet creation, letting attackers empty roughly 178 self-custody wallets.
Around 16 million $ADA (~$2.4 million) plus tokens and NFTs were… pic.twitter.com/oRiJ65sqYj
— Crypto Banter (@crypto_banter) June 24, 2026
SecondFi placed its platform into maintenance mode after the incident became public. The company also took a balance snapshot during its response process.
That snapshot may help support any planned user compensation process. SecondFi has said it is investigating the wallet drain with security experts.
The company has also said it is planning compensation for affected users. Final details on timing, eligibility, and payment terms remain pending.
Leave a Reply
You must be logged in to post a comment.