EMURGO, a founding entity behind the Cardano blockchain, said it has finalized a recovery plan for users affected by the SecondFi wallet exploit, with asset returns expected within two weeks. The breach, which occurred between June 21 and 23, drained about 16 million ADA, worth roughly $2.4 million, from 374 wallet addresses.
Recovery plan and timeline
Chief Executive Pon said forensic checks and wallet balance verification have been completed. The recovery will proceed in two phases, with one week dedicated to building the mechanism and another to testing it before funds are restored.
Users affected by the exploit have been told not to move funds or share private credentials, as the recovery process depends on the current state of compromised wallets.
Details of the exploit
SecondFi, which rebranded from Yoroi in April, reported four draining events during the attack window. Three incidents were attributed to external actors, while a fourth involved an internal transfer of about 129 million ADA to third-party custody as a protective measure.
Two primary addresses were linked to the theft, targeting 171 and 203 wallets respectively. Around 4 million ADA remains in a flagged address under monitoring. Law enforcement has been notified, and an external accounting firm is reviewing fund custody.
Third-party SDK identified as cause
A separate analysis by Tibane Labs pointed to a third-party software development kit known as “trantor” as the likely source of the vulnerability. The firm said the unaudited package replaced an audited signing component on June 8, introducing a flaw that allowed private keys to be derived from a single signature.
According to the report, the core cryptographic library functioned correctly, but a critical parameter known as the per-key nonce was missing. This omission made private keys recoverable from transaction data. Investigators traced the first compromised transaction to the same day the updated code went live and confirmed findings by reconstructing keys from older signatures.
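The failure mode Tibane describes can be modelled with a deterministic EdDSA-style signer. The Python below is an added example, not code from SecondFi, trantor or Tibane Labs; it assumes the nonce is a hash of a per-key secret and the message, and the `per_key_nonce` switch, hash layout, seeds and messages are constructed. Signatures still verify when the per-key input is dropped, so functional tests pass, while a release check that compares the nonce commitment R across two keys catches the defect.

```python
import hashlib

# Ed25519 group parameters (RFC 8032); plain affine arithmetic, slow but short.
p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493   # prime group order
d = -121665 * pow(121666, -1, p) % p
B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     4 * pow(5, -1, p) % p)                            # base point

def add(P, Q):
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % p
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, p) % p,
            (y1 * y2 + x1 * x2) * pow(1 - t, -1, p) % p)

def mul(k, P):
    R = (0, 1)                                         # neutral element
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def h(*parts):
    """SHA-512 of the concatenated parts, reduced to a scalar mod L."""
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % L

def enc(P):
    return P[0].to_bytes(32, "little") + P[1].to_bytes(32, "little")

def sign(seed, msg, per_key_nonce=True):
    """Simplified EdDSA-style signer (constructed, not wire-compatible)."""
    a = h(b"scalar", seed)                             # secret scalar
    prefix = hashlib.sha512(b"prefix" + seed).digest() if per_key_nonce else b""
    r = h(prefix, msg)                                 # nonce; public if prefix is empty
    A, R = mul(a, B), mul(r, B)
    return A, R, (r + h(enc(R), enc(A), msg) * a) % L  # S = r + e*a

def verify(A, R, S, msg):
    return mul(S, B) == add(R, mul(h(enc(R), enc(A), msg), A))

def nonce_depends_on_key(signer, msg=b"constructed test transaction"):
    """Release gate: two different keys must never commit to the same R."""
    _, R1, _ = signer(b"seed-one", msg)
    _, R2, _ = signer(b"seed-two", msg)
    return R1 != R2
```

When the nonce r can be recomputed from the message alone, the equation S = r + e*a has a single unknown, which is why one signature is enough to expose the secret scalar.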
Unanswered questions and security concerns
EMURGO has not released a detailed technical explanation of the exploit or directly addressed Tibane’s findings. Security researcher Monahan noted that SecondFi’s software was closed-source and had not undergone independent auditing prior to the incident.
Tibane described the SDK update as an experimental build deployed without proper review. Transactions signed before June 8, using the previous verified implementation, were not affected.
Market reaction and on-chain signals
The breach has drawn attention to operational practices within the Cardano ecosystem, particularly as ADA trades near multi-year lows. Prices briefly fell to around $0.14 following the incident, reflecting negative sentiment.
Despite this, on-chain data showed resilience. Total value locked in Cardano-based decentralized finance protocols rose from 523.64 million ADA on June 19 to 586 million by June 26, suggesting no broad withdrawal of capital.
At the same time, derivatives activity surged. ADA futures volume on the CME jumped sharply on June 24, while negative funding rates indicated that some traders continued to bet on further downside.
Broader context and risks
Estimates of total losses vary, with official figures at $2.4 million and some analysts suggesting the impact could exceed $20 million. The lack of a full technical disclosure has left gaps in understanding the breach.
Users have also been warned about potential scams posing as official recovery channels, as bad actors may attempt to exploit the situation further.
In a separate earlier case, a $280 million exploit on the Solana blockchain was linked to errors involving durable nonces and social engineering, highlighting ongoing risks across different ecosystems.

