A major security breach has led Cardano’s wallet provider, SecondFi, to begin a refund process for users affected by attacks on its systems from June 21 to June 23. The company conducted a thorough review of account balances as of June 26 to initiate reimbursements. The refund process is the starting point for a comprehensive recovery strategy aimed at compensating users impacted by these security lapses.
How Did the Breach Occur?
The security issue traces back to a critical bug in SecondFi’s wallet creation software. Specifically, the problem lay in a deterministic nonce derivation glitch within the signer component, allowing attackers to extract private keys from public blockchain data. This crucial technical error resulted in significant exposure of user funds.
The breach was executed by two separate attackers. The first launched two attack waves, compromising 171 wallets, while the second targeted an additional 203 wallets using more advanced scanning methods.
What Should Users Avoid?
SecondFi is cautioning users against transferring their recovery phrases to other Cardano wallets. The potential risk lies in the compromised address-level private keys, not in the wallet software itself. Hence, using the same recovery phrase elsewhere will not mitigate the current security issue.
The latest advisory warns that transactions from affected addresses reveal enough data for fraudsters to reconstruct private keys. Collecting staking rewards is also discouraged, since attackers may target new transactions visible in the mempool. Assets held at affected addresses remain vulnerable when transferred.
SecondFi has consolidated over 4.02 million ADA linked to the attack into a single monitored wallet.
The Current Recovery Measures
In collaboration with its parent company, EMURGO, SecondFi has locked down about 129 million ADA as a reactive measure to address the breach. EMURGO, a key player within the Cardano ecosystem, confirms these resources will remain inaccessible until full recovery operations conclude.
SecondFi has also pitched plans for a dedicated compensation fund to speed up reimbursements. Regular service will remain halted until a detailed software audit is completed and systems are cleared by external cybersecurity experts. In the meantime, affected users are encouraged to reach out via official support channels for assistance.
- 4.02 million ADA is now kept in a single secure wallet.
- The initial attack spanned 374 wallets.
- Compensation operations are supported by a fund of 129 million ADA.
Cardano’s ADA is currently valued at roughly $0.148, an uptick of over 3 percent in the past day. Despite this rise, the coin dropped about 2.9 percent following news of the breach and is significantly down from its early 2026 value of $0.42, indicating a year-to-date depreciation of over 54 percent. The situation has prompted significant attention from stakeholders looking for swift resolutions.



