A critical vulnerability reported by SecondFi had left the private keys of the users who have used their web wallet exposed. They had quickly suspended all services from June 23 and advised the users to move their funds somewhere else. The above-mentioned vulnerability had occurred in the wallet generator software of SecondFi. The hackers were able to gain access to the credentials of private wallets. Around 178 wallets have been found compromised.
SecondFi has confirmed losses amounting to $16 million in ADA, as well as other tokens and NFT items. According to recent valuations, the confirmed losses at the time of writing exceed $2.4 million. As a response, SecondFi has frozen all balances and entered maintenance mode while also sounding the alarms within the user base. All users of SecondFi who have wallets created using vulnerable software have been asked to generate new wallets right away.
At this stage, our current estimate of the total impact is approximately 16M ADA. We are continuing to work through the operational response and remain committed to supporting affected users.
— SecondFi (@secondfiapp) June 23, 2026
To our community: we take this incident seriously and are working to make affected…
Security firm on blockchain called SlowMist has analyzed the breach independently and found greater exposure. According to research, attackers have access to up to 129 million ADA through vulnerable wallets.
SlowMist estimates that total losses could exceed $20 million if attackers drain assets from all affected wallets. SecondFi has not released a detailed security audit explaining the vulnerability, and the company has not outlined any reimbursement plan for affected users.
Before its rebranding, which took place in April 2026, SecondFi had operated under the brand name Yoroi. It was among the most popular light wallets of Cardano, and it had witnessed huge adoption rates. Security researchers have found that some other scams have taken place where fraudsters have tried to scam users who have fallen prey to breaches of wallet security. Impersonation of support personnel and offering recovery solutions through various media has been found to be another scam tactic.
The researcher advised users against providing any personal credentials and using unofficial recovery tools that claim to provide help with the matter. The issue has raised further concerns regarding the security and safety of users in the Cardano network and digital asset market.
Highlighted Crypto News:
US Senate Targets Fall 2026 Release for Crypto Tax Bill Amid CLARITY Act Push
