SecondFi Cardano wallet exploit traced to address-level bug; 129M ADA secured

SecondFi confirmed it traced the exploit of its Cardano wallet to an address-level issue in its Cardano web wallet generation software. Attackers drained funds from 374 addresses, and SecondFi said emergency steps have secured about 129 million ADA for affected users, pending verification with an independent third-party custodian. SecondFi previously estimated that around 16 million ADA (about $2.4 million) was impacted across 374 addresses.

The company said the vulnerability exposed private keys it generated when users sign transactions, while the underlying Cardano blockchain itself remained secure. Immunefi CEO Mitchell Amador noted that key-generation/infrastructure code is often less audited than blockchain protocols. SecondFi advised users not to restore recovery phrases into new Cardano wallets, warning that recovery/migration alone does not mitigate the risk. Charles Hoskinson said SecondFi is not a product of IO Global (IOG) and emphasized that IOG has no ownership/control relationship with the wallet.

SecondFi has not published a full post-mortem, but says it is working with Cardano ecosystem platforms and blockchain investigators and has requested an independent security audit. Traders should watch for ADA sentiment swings tied to wallet security and whether verification results or additional findings change perceived risk around self-custody infrastructure. The SecondFi Cardano wallet exploit remains the key headline affecting confidence.
Bearish
This is likely bearish in the near term for ADA sentiment. The article centers on the SecondFi Cardano wallet exploit and reports large-scale outflows (up to 16M ADA estimated affected; 129M ADA secured), which can trigger immediate risk-off behavior among self-custody users even if the chain is not broken. Similar past wallet/key-management incidents in crypto often lead to short-term volatility, higher perceived smart-contract/key-risk, and a preference shift toward “safer” custody or operational practices. That said, the impact may be contained because SecondFi frames the issue as an address-level problem in its own wallet software (not a Cardano consensus failure) and says funds have been secured for verification. In the medium to long run, market reaction should depend on whether independent audit results and the final verification process confirm limited scope and no further leakage. If follow-up disclosures are reassuring, the sell pressure could fade; if evidence expands or guidance is contradicted, the episode could deepen and become a longer-lived bearish overhang on ADA-related ecosystem trust.