SecondFi Patches Wallet Exploit After $2.4 Million in ADA Stolen From Cardano Users

SecondFi, the Cardano wallet previously known as Yoroi, has announced that it has fixed a critical security vulnerability that resulted in the theft of approximately 16 million ADA, valued at around $2.4 million. The exploit impacted 374 user wallets across three separate attacks, raising concerns about wallet security within the Cardano ecosystem.

According to SecondFi, the issue originated from a flaw in its proprietary wallet generation software. The vulnerability existed at the wallet address level, meaning affected users remained at risk even if they imported their seed phrases into different wallets. The company explained that the exploit could be triggered whenever an impacted user signed a transaction, making the threat particularly dangerous for unsuspecting holders.

To prevent further losses, SecondFi implemented emergency response measures after discovering the breach. The team successfully secured an additional 129 million ADA before attackers could access those funds. The recovered assets were transferred to an independent third-party custodian for safekeeping. To ensure transparency, SecondFi has also hired an external accounting firm to verify the holdings and oversee the claims process for affected users.

Blockchain security firm SlowMist has suggested that the total damage could be significantly higher than initially reported. The company estimates that losses tied to compromised wallets and related tokens may exceed $20 million. However, this figure has not yet been officially confirmed and remains subject to an independent audit.

Cardano founder Charles Hoskinson addressed the incident, acknowledging the impact on affected users. While he noted that the reported losses were relatively small compared to some of the largest cryptocurrency hacks in recent years, he emphasized that any financial loss is significant for those involved. Hoskinson described the event as another reminder of the risks that continue to exist in the cryptocurrency industry.

Meanwhile, ADA continues to face market pressure and is currently trading near $0.15, marking its lowest price level since 2020. The incident highlights the importance of strong wallet security, regular audits, and proactive risk management as the crypto sector works to strengthen user protection against evolving cyber threats.