SecondFi traces Cardano wallet exploit to address-level flaw

Cardano-based wallet SecondFi has identified the root cause of a security breach that saw attackers drain funds from hundreds of user addresses. The company confirmed the vulnerability was an address-level issue affecting how the wallet handles transaction signing.

According to SecondFi, about 16 million ADA (roughly $2.4 million) was affected across 374 addresses. The platform has secured around 129 million ADA through emergency measures; those funds are now held by an independent third-party custodian pending user verification.

Mitchell Amador, CEO of security firm Immunefi, offered a blunt assessment: “SecondFi’s wallet software exposed the private keys it generated.” He noted that while the Cardano blockchain itself remained secure, the code responsible for generating keys is “the part nobody audits like a contract.” Attackers, he said, are increasingly targeting infrastructure that creates or stores crypto keys rather than the protocols themselves.

Cardano founder Charles Hoskinson was quick to distance IOG from the incident, stressing that SecondFi (which rebranded from Yoroi wallet in April 2026) is an Emurgo product with no ownership or business relationship to IOG. “We didn’t write the code and we’re not connected to it,” he said. IOG’s incident response team has been in contact with SecondFi, which has requested an independent security audit.

SecondFi’s recovery advice has raised some eyebrows. The platform told users not to restore their recovery phrases into new Cardano wallets — a departure from community recommendations urging affected users to migrate funds to freshly generated addresses.