Cardano Wallet Exploit Sparks Multimillion Dollar Loss

Wallet Generation Flaw at the Root of the Breach

Cardano ecosystem project SecondFi has confirmed a security breach tied to a flaw in its proprietary wallet generation software, with on-chain analysis pointing to losses of around 16 million $ADA, valued at roughly $2.4 million. The platform, formerly known as Yoroi and rebranded by Emurgo, one of Cardano's three founding entities, placed its services into maintenance mode and paused all front-end interactions shortly after the incident came to light.

Blockchain data linked to the exploit showed nearly 200 suspicious transactions occurring between June 21 and June 22, with funds moved across multiple addresses. SecondFi said it has isolated the root cause to its native Cardano web wallet generation software and is finalizing an independent technical review with a leading blockchain security firm to validate its findings.

SlowMist Warns Losses Could Be Far Larger

The initial estimate may significantly understate the damage. SlowMist founder Cos, also known as Yu Xian, said his analysis of hacker fund flows and wallet activity suggests total user losses could theoretically exceed $20 million, with exposure potentially reaching as much as 129 million $ADA and other tokens. The exact figure is expected to be disclosed once a full technical audit is complete.

Software developer Blink Labs added to the alarm, warning that all wallets generated through the affected software should be considered unsafe, and urged users to migrate to a new wallet immediately. SecondFi has taken a snapshot of existing balances as a precautionary step, and says details on any compensation plans will follow.

The company also cautioned users about a rise in scam activity in the wake of the incident, stressing that official representatives will never ask for seed phrases, private keys, or fund transfers. Users seeking help have been directed to use only verified support channels.

Sources:
Protos: Cardano wallets drained of $2.4M after self-custody exploit
Bloomingbit: Cardano Project SecondFi Says Hack Losses May Exceed $20 Million
DeFi Planet: SecondFi Suspends Services After Cardano Wallet Security Breach