Cardano founder Charles Hoskinson (@IOHK_Charles) has responded to the exploit targeting SecondFi, a Cardano-native wallet platform, calling it "the unfortunate reality of crypto." Speaking a
Cardano founder Charles Hoskinson (@IOHK_Charles) has responded to the exploit targeting SecondFi, a Cardano-native wallet platform, calling it "the unfortunate reality of crypto." Speaking after news of the breach broke, Hoskinson acknowledged that while the losses may appear modest relative to other high-profile hacks, that context offers no relief to those directly affected. "It hurts them whenever they lose anything," he said.
SecondFi, the Cardano wallet formerly known as Yoroi, disclosed a security vulnerability on June 23 that allowed attackers to siphon roughly 16 million $ADA from 178 user wallets, worth approximately $2.4 million, along with an undisclosed number of tokens and NFTs.The vulnerability originated in SecondFi's web wallet generation software, which is responsible for creating new wallets and their corresponding private keys.Critically, Cardano's base protocol was not the entry point.
Blockchain security firm SlowMist's Cos said on-chain analysis showed user losses from the hack could theoretically exceed $20 million, potentially involving as much as 129 million ADA and other tokens, with the exact amount to be disclosed after a technical audit is completed.SecondFi promptly suspended operations and entered maintenance mode following the discovery of the flaw, and a snapshot of user balances was taken, effectively freezing records of user holdings at the time of the breach.
SecondFi's history is grounded in its original branding as Yoroi, one of the earliest and most widely adopted light wallets in the Cardano ecosystem, designed by EMURGO, one of Cardano's founding entities. Yoroi served more than a million users and was a trusted option for ADA holders. In April 2026, EMURGO rebranded Yoroi into SecondFi, broadening its services to encompass a fully-fledged self-custody neofinance platform, which includes features for spending, trading, earning, and saving.
Hoskinson responded to the SecondFi incident, noting that while the losses may appear small relative to other crypto exploits, they offer no comfort to those affected. He stressed that some users may have lost their entire ADA holdings, describing it as an unfortunate reality of the industry.
SecondFi has enlisted a top-tier blockchain security firm to conduct an independent investigation into the issue and is collaborating with prominent figures in the Cardano ecosystem, including Input Output Global (IOG), the Cardano Foundation, IntersectMBO, and SundaeSwap, to address the consequences and assist affected users.SecondFi has not disclosed a reimbursement timeline or recovery plan.
The exploit surfaced just one day after Cardano launched the Leios Musashi Dojo testnet, and the breach may complicate efforts to attract new developers and liquidity to the network.Security researchers have also flagged a wave of secondary scams targeting affected users, with scammers impersonating SecondFi support channels and offering fake recovery tools. Users are advised to interact only with verified official channels and to migrate funds to a new wallet created through a separate, unaffected provider.
Sources:BeInCrypto: Cardano Project SecondFi Hit by Major Exploit, Losses Could Top $20 MillionCrypto Briefing: SecondFi exploit drains over $20M from Cardano users as wallet key generation flaw exposedCrypto Times: Cardano Project SecondFi Halts Services as Hack Estimates Hit $20M
