SecondFi Pulls 129 Million ADA Out of Harm’s Way After Wallet Exploit

SecondFi, the Cardano wallet formerly known as Yoroi, confirmed that three external attacks drained 16 million ADA, roughly $2.4 million, from 374 wallets.

The team then secured another 129 million ADA before attackers could touch it, moving those funds to a third-party custodian.

The headline number here is the rescue, also the theft. Eight times more ADA was pulled to safety than was actually stolen.

SecondFi traced the root cause to its own native Cardano web wallet generation software. The Cardano blockchain was not hacked.

🚨 SECURITY UPDATE: Root Cause & Blast Radius Confirmed We have isolated the root cause of the recent security incident. The issue was confined to our native Cardano web wallet generation software.

Our team has completed an on-chain analysis to determine the scope of impact, and…

— SecondFi (@secondfiapp) June 23, 2026

That distinction matters for every ADA holder watching this. A base-chain exploit would threaten the network.

A wallet-generation flaw threatens the people who used that specific software to create addresses.

SecondFi said it isolated the problem and rolled out a patch for unaffected wallets so normal operations can resume.

CoinDesk reported the confirmed SecondFi loss and the emergency ADA rescue. CoinDesk said SecondFi confirmed three external attacks that drained about 16 million ADA from 374 wallets.

The report put the confirmed loss near $2.4 million, while making clear that the total risk could be larger. CoinDesk also said SecondFi moved another 129 million ADA to a third-party custodian before attackers could reach it.

That makes the rescue a central part of the story rather than a footnote after the theft. The report cited SlowMist’s warning that losses could exceed $20 million pending independent review.

For readers, the split between confirmed losses and possible exposure is essential. The clean takeaway is that this is a wallet-generation and address-level security problem in the Cardano ecosystem, not a reported failure of Cardano consensus.

Cointelegraph framed the SecondFi incident as an address-level wallet issue. Cointelegraph reported that SecondFi traced the exploit to an address-level issue and secured 129 million ADA after attackers drained funds from hundreds of addresses.

That address-level description matters because users may assume a seed phrase migration alone solves every wallet problem. SecondFi’s warning suggests the exposure can remain tied to affected addresses and transaction signing behavior.

That practical risk matters because official SecondFi channels are the right place for recovery guidance, not third-party claims. Verified project updates are more reliable than viral recovery instructions during an active exploit response.

The reporting also helps separate the software layer from the Cardano base chain. A wallet-generation flaw can produce major losses even when the underlying blockchain keeps validating transactions normally.

As per our previous post: https://t.co/rZanyrVGWN We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon. —– Regarding affected wallets, 4 distinct draining events occurred.

3 were…

— SecondFi (@secondfiapp) June 24, 2026

SecondFi said its on-chain analysis determined the scope of impact and that it is working with a blockchain security company on an independent technical assessment.

SlowMist’s estimate is the looming question mark over this incident.

Wu Blockchain carried SlowMist’s larger-loss warning for the SecondFi exploit. Wu Blockchain cited SlowMist founder Cos saying suspected hacker-address analysis suggested losses may exceed $20 million.

That estimate is larger than SecondFi’s confirmed 16 million ADA figure, so the two numbers need to stay visible and separate. SlowMist’s warning also indicates the incident may include assets beyond the first ADA tally.

The key is uncertainty: a security firm’s on-chain analysis can flag broader risk before a final independent audit lands. For readers, that uncertainty is the news.

SecondFi’s public number gives the current confirmed impact, while SlowMist’s estimate shows why investigators are still treating the case as open. Those numbers should not be collapsed into one definitive loss figure.

SlowMist: Cardano Ecosystem Project SecondFi Losses May Exceed $20 Million

SecondFi, a Cardano ecosystem project, said the root cause of its recent security incident has been traced to an issue in its proprietary Cardano wallet generation software. The team stated it has… pic.twitter.com/MrAluSOqaO

— Wu Blockchain (@WuBlockchain) June 24, 2026

The clean takeaway is that a wallet’s address-generation code is part of your security, even when the chain underneath is solid. SecondFi caught most of the exposed funds in time and is being open about where the failure lived.

Affected users should follow SecondFi’s official guidance and nothing else.

Join the conversation!

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.