SecondFi Plans To Return $2.4 Million After Cardano Wallet Exploit

EMURGO, a co-founding entity of Cardano, says it has found a way to return funds to users of its SecondFi wallet following a $2.4 million exploit. CEO Phillip Pon said the company finished its forensic investigation, validated wallet balances, and identified a clear recovery path.

He estimates roughly two weeks, one to build the mechanism and one to test it before returns start. Pon urged affected users not to move funds or act outside official guidance, stressing SecondFi will never ask for private keys or seed phrases.

What Happened To The $2.4 Million

Attackers drained about 16 million ADA from 374 addresses between June 21 and 23 through flawed wallet-generation software. SecondFi separately moved 129 million ADA to a third-party custodian as a protective measure, now being verified by an external accounting firm. Two attacker wallets were identified, and law enforcement has been notified.

A Competing Technical Account

Forensic firm Tibane Labs says the breach traces back to an unaudited third-party SDK called trantor that replaced EMURGO’s audited signing code on June 8, leaving private keys derivable from a single signature. EMURGO hasn’t addressed this claim publicly. Security researcher Taylor Monahan said SecondFi’s code was closed source and unaudited. The incident comes as ADA trades near multi-year lows.