SecondFi, Cardano-formerly known as a self-storage wallet platform Yoroi and developed by EmurgoIt detailed a structured way to refund funds to users affected by a security incident that occurred in late June 2026. The company confirmed it will work to return affected assets within approximately two weeks, while prioritizing security and comprehensiveness. verification.
chewing It was caused by a vulnerability in SecondFi’s proprietary wallet creation software.
Specifically, a flaw in deterministic nonce derivation allows external threat actors to private keys It uses public on-chain data.
This enabled unauthorized access when affected users signed transactions. The issue was related to the address level rather than a broader protocol weakness. Cardano itself.
According to official updates, there were four evacuations.
Three were carried out by outside attackers and resulted in the loss of approximately 16 million people. ISLANDThe value obtained from 374 wallet addresses was worth approximately $2.4 million at that time.
— EMURGO (@emurgo_io) June 27, 2026
SecondFi responded immediately platform entered maintenance mode, front-end interactions were paused, and emergency recovery measures were triggered.
These actions successfully secured an additional 129 million ADA by directing the funds to an independent third-party custodian before further losses occurred.
An external accounting firm was appointed to audit and verify the protected assets.
blockchain security firm Slow Fog suggested that the overall impact could be significantly larger; could potentially exceed $20 million when factoring in other tokens, NFTs, and additional assets affected beyond approved ADA consumption.
SecondFi has since deployed a patch for unaffected wallets and completed forensic investigations, balance snapshots, and security reviews.
In its last update shared on June 27, 2026Emurgo CEO Philip Pon confirmed that the teams have identified a clear recovery solution tailored to their current wallet situation.
The timeline includes one week dedicated to creating the technical recovery mechanism, followed by another week of testing and testing. security Verification before assets start returning to users.
A final balance snapshot was taken on June 26 to support the correct refund. SecondFi and Emurgo strongly advised affected users not to independently restore recovery statements to other accounts. Cardano wallets or moving funds on their own.
Such actions could disrupt the coordinated recovery process or introduce additional risks because the vulnerability is activated after the transaction is signed.
The only recommended step at this stage is to submit a support ticket through the official channels at support.secondfi.io.
User involvement in asset transfers or key sharing is not yet required, and the companies have reiterated that they will never issue private keys, seed phrases, or direct requests. purse access.
The teams highlighted that malicious actors are actively impersonating SecondFi with fake messages and fake support accounts.
Users are requested to ignore any unsolicited communications and trust only verified official sources.
Transactions are paused until they are full security The investigations were completed and trust in the platform was restored.
This incident underscores the persistent security issues facing cryptocurrency walletsEven those supported by established ecosystem players like Emurgo.
Although direct losses represent a significant setback for those affected crypto- users, rapid containment efforts, external oversight and a commitment to redress within a defined two-week period reflect a focus on minimizing long-term harm.
SecondFi He expressed his appreciation for the community’s patience and support throughout the response. The company plans to provide more proactive updates as the recovery process progresses.
