SecondFi Wallet Exploit Exposes Private Keys, Drains Over $20M from Cardano Users

SecondFi, the Cardano wallet formerly known as Yoroi, disclosed a critical security vulnerability on June 23. The web wallet’s key generation software allowed unauthorized access to private keys, leading to direct theft of digital assets.

Blockchain security firm SlowMist estimates total potential losses could exceed $20 million, with up to 129 million ADA at risk. So far, 178 wallets have been confirmed compromised, with losses of approximately 16 million ADA, valued at around $2.4 million.

SecondFi, which serves over 1 million users, immediately suspended all services and urged users to move funds to new wallets. The company has not announced any compensation timeline or released a detailed audit.

Security researchers also warn of secondary scams targeting affected users. Fraudsters are impersonating SecondFi support to steal credentials.

For Cardano investors, the incident casts a shadow over ecosystem security. Whether Emurgo, SecondFi’s parent and a Cardano founding entity, steps in to make users whole remains an open question.