Wallet Generation Flaw at the Root of the Breach Cardano ecosystem project SecondFi has confirmed a security breach tied to a flaw in its proprietary wallet generation software, with on-chain
Cardano ecosystem project SecondFi has confirmed a security breach tied to a flaw in its proprietary wallet generation software, with on-chain analysis pointing to losses of around 16 million $ADA, valued at roughly $2.4 million. The platform, formerly known as Yoroi and rebranded by Emurgo, one of Cardano's three founding entities, placed its services into maintenance mode and paused all front-end interactions shortly after the incident came to light.
Blockchain data linked to the exploit showed nearly 200 suspicious transactions occurring between June 21 and June 22, with funds moved across multiple addresses. SecondFi said it has isolated the root cause to its native Cardano web wallet generation software and is finalizing an independent technical review with a leading blockchain security firm to validate its findings.
The initial estimate may significantly understate the damage. SlowMist founder Cos, also known as Yu Xian, said his analysis of hacker fund flows and wallet activity suggests total user losses could theoretically exceed $20 million, with exposure potentially reaching as much as 129 million $ADA and other tokens. The exact figure is expected to be disclosed once a full technical audit is complete.
Software developer Blink Labs added to the alarm, warning that all wallets generated through the affected software should be considered unsafe, and urged users to migrate to a new wallet immediately. SecondFi has taken a snapshot of existing balances as a precautionary step, and says details on any compensation plans will follow.
The company also cautioned users about a rise in scam activity in the wake of the incident, stressing that official representatives will never ask for seed phrases, private keys, or fund transfers. Users seeking help have been directed to use only verified support channels.
Sources:Protos: Cardano wallets drained of $2.4M after self-custody exploitBloomingbit: Cardano Project SecondFi Says Hack Losses May Exceed $20 MillionDeFi Planet: SecondFi Suspends Services After Cardano Wallet Security Breach
