Key Insights
- SecondFi expects to complete development and testing before asset returns begin within two weeks.
- Attackers drained 16 million ADA from 374 wallets through a flaw in wallet generation software.
- The company secured about 129 million ADA with a third-party custodian after detecting the breach.
Cardano wallet platform SecondFi says it remains on schedule to return user assets after a security breach drained roughly 16 million ADA from hundreds of wallets. The company expects to complete development and testing of its recovery system within two weeks as affected users await further instructions and a wallet verification tool.
The incident, which emerged between June 21 and June 23, resulted in losses valued at approximately $2.4 million at the time of the attack. However, the total exposure could exceed $20 million when NFTs and other digital assets held in compromised wallets are included.
Investigation identifies root cause and recovery path
SecondFi and its parent company, EMURGO, spent the past several days conducting forensic reviews, validating wallet balances, and assessing recovery options. According to EMURGO Chief Executive Phillip Pon, the investigation identified a clear recovery path that allows the company to restore assets while minimizing additional risks.

The company said engineers are pursuing multiple technical approaches in parallel before selecting the safest option for users. Development work is expected to continue through the first week, while testing and validation will occupy the second week before distributions begin.
SecondFi also plans to release a wallet verification tool early next week. The tool will allow users to determine whether their wallets were affected before any recovery activity starts.
Importantly, the company stressed that no recovery process requiring user participation has begun. Users have been instructed to leave wallets untouched and wait for official guidance.
The platform also warned users not to restore compromised seed phrases on alternative wallets. According to the investigation, attackers could reconstruct private keys once affected addresses signed transactions, making those credentials permanently unsafe.
Incident Metric Details
ADA Drained: 16 million ADA
Affected Wallets: 374
Estimated Loss: $2.4 million
Potential Exposure: More than $20 million
ADA Secured After Breach: 129 million ADA
Recovery Timeline: Approximately two weeks
Security measures expand as scam risks increase
As recovery preparations continue, SecondFi has intensified warnings about fraudulent activity targeting affected users. The company reported a rise in impersonation attempts and fake recovery offers following public disclosure of the breach.
Users have been told not to deposit additional funds into existing wallets until further notice. Moreover, SecondFi said it will never request private keys, seed phrases, wallet credentials, or direct access to user accounts.

The company urged affected customers to submit support tickets through official channels if they have not already done so. Beyond that step, users should avoid transferring assets independently because the recovery framework depends on the current state of compromised wallets.
Phillip Pon warned that moving funds outside the official process could complicate verification efforts and potentially delay recovery.
Meanwhile, the company transferred approximately 129 million ADA to an independent third-party custodian after discovering the exploit. That emergency measure helped protect a larger pool of assets while investigators assessed the breach.
Wider questions emerge for wallet security standards
The breach has triggered broader scrutiny across the Cardano ecosystem because investigators determined that the blockchain itself remained secure. Instead, the vulnerability originated within SecondFi’s proprietary wallet generation software.
A report from Tibane Labs suggested that an unaudited third-party software development kit replaced audited signing code on June 8. The report linked that change to the flaw that enabled attackers to derive private keys from publicly available blockchain data.
Security researcher Taylor Monahan also criticized the wallet implementation, arguing that the project introduced custom cryptographic processes that increased risk.
The incident highlights one of the general problems facing the cryptocurrency industry. The security of the blockchain network can guarantee that people’s funds are safe, however, if the wallet software has weaknesses, there is a danger of major losses.
The event has led to software audits, code reviews, and implementation standards being at the forefront of mind for cardano users again. It also brings into question the way wallet providers test third-party integrations before they go live.
Key developments so far
- Recovery development remains on schedule
- Wallet verification tool expected next week
- 129 million ADA moved to secure custody
- No user action currently required
- Investigation identified a software-level vulnerability
Conclusion
The Cardano wallet exploit has become one of the most significant security incidents affecting the ecosystem this year. SecondFi says its recovery process remains on track, and the company expects to begin returning assets after completing development and testing.
In the meantime, the victims of this breach will be left to wait for official announcements from Cardano, and should not accept any unofficially offered recovery services or transfer funds. The success or failure of the recovery effort may shape the approach of wallet providers in the Cardano ecosystem to future security audits and software development.





