Overview
- A coordinated exploit that ran June 21–23 targeted wallets generated by SecondFi’s web flow and led to roughly 16 million ADA being stolen from hundreds of addresses.
- SecondFi says the root cause was a deterministic nonce derivation flaw in its signer that allowed attackers to reconstruct private keys from transaction data on the blockchain.
- The company suspended services, snapped user balances, routed about 129 million ADA to an independent custodian, and hired external security firms to conduct independent audits.
- Affected users have been told not to restore recovery phrases into other wallets because compromised addresses remain unsafe and scammers are impersonating support channels.
- Cardano leaders say the protocol itself was not breached, but the incident raises trust and market questions for Cardano and leaves reimbursement timelines dependent on forensic and audit results.