Hoskinson Advances Cardano Recovery Plan After SecondFi Exploit

A Smart Contract Approach to Wallet Recovery

Cardano founder Charles Hoskinson (@IOHK_Charles) is experimenting with a smart contract designed to help users recover funds from wallets compromised in the recent SecondFi exploit. According to Hoskinson, the contract would use a zero-knowledge proof to verify that a claimant possesses the 24-word seed phrase associated with an affected wallet, without requiring that phrase to be exposed on-chain. If verified, the contract would vend $ADA and Cardano native tokens from a dedicated recovery pool to the confirmed owner. Hoskinson said he plans to coordinate with the Midnight team and key developers on the findings before any wider rollout.

The Midnight network, Cardano's privacy-focused sidechain, is a natural fit for this kind of work. Hoskinson has previously described Midnight as deeply connected to zero-knowledge systems , and the project's cryptographic tooling makes it a practical base for building proof-based recovery mechanisms.

The SecondFi Exploit: What Happened

SecondFi, the Cardano wallet formerly known as Yoroi, confirmed a major exploit that drained roughly 16 million $ADA, worth approximately $2.4 million, from 374 user wallets across three separate attacks. SecondFi's team traced the breach to a vulnerability in its proprietary wallet generation software, which gave attackers access to funds across multiple user wallets. Critically, Cardano's base protocol was not the entry point.

The team rescued a further 129 million $ADA before attackers could reach it, routing funds to a third-party custodian, but blockchain security firm SlowMist estimates total losses could still exceed $20 million pending an independent audit. Users cannot protect themselves by simply moving their seed phrase to another wallet. The vulnerability activates at the address level when a transaction is signed, and affected users must submit claims directly to SecondFi.

SecondFi was built on the foundations of Yoroi, a wallet created by EMURGO, one of the three founding entities behind Cardano. That history makes the breach sting harder for the community. The team says it is working with IOG, Cardano Foundation, IntersectMBO, and SundaeSwap to limit damage across the wider ecosystem.

Hoskinson's proposed recovery mechanism remains experimental, and no timeline has been confirmed. Its viability will depend on the technical findings from his coordination with the Midnight team and core developers. For now, affected users have been advised to wait for official guidance from SecondFi before taking any independent action.

Sources:
CoinDesk: SecondFi loses $2.4 million in Cardano wallet exploit, up to $20 million at risk
CryptoNewsZ: SecondFi fixes Cardano wallet flaw that led to 16M ADA theft
CoinGabbar: SecondFi Cardano Wallet Exploit: User Impact and Recovery Plan