SecondFi, the Cardano wallet previously known as Yoroi, announced that it has patched a critical exploit which siphoned roughly 16 million ADA—equating to about $2.4 million—from 374 user wallets across three separate attacks.
Exploit Mechanics
The breach originated from a flaw in SecondFi’s proprietary wallet‑generation software. The vulnerability operated at the address level, meaning that transferring a seed phrase to another wallet did not shield the funds. The security risk manifested whenever an affected user signed a transaction, allowing attackers to redirect assets.
Emergency Response
SecondFi activated emergency rescue procedures before the attackers could access an additional 129 million ADA. The team moved the compromised assets to an independent third‑party custodian and engaged an external accounting firm to audit the holdings. Affected users may now file claims with SecondFi for potential restitution.
Market and Community Impact
Security firm SlowMist projects that total losses could surpass $20 million once all compromised wallets and tokens are accounted for, pending an independent audit. Cardano founder Charles Hoskinson confirmed the incident, noting the dollar amount is modest compared with larger crypto hacks but offers little solace to victims. ADA currently trades near $0.15, its lowest price point since 2020, prompting investors to monitor further developments closely.