SecondFi Cardano wallet exploit drains 16M ADA; patch issued
SecondFi (formerly Yoroi) says it suffered three external attacks by exploiting a flaw in its proprietary Cardano wallet generation software.
The Cardano wallet exploit reportedly drained about 16 million ADA (≈$2.4M) from 374 user wallets. SecondFi has released a patch for unaffected users.
Before attackers could reach another 129 million ADA, the company initiated emergency rescue steps. Funds were routed to an independent third-party custodian, with an external accounting firm to verify holdings. Affected users must submit claims directly to SecondFi. Moving a seed phrase to another wallet is not a safe fix because the vulnerability can trigger at the address level during transaction signing.
Blockchain security firm SlowMist estimates broader losses could exceed $20M, but the final scope depends on an independent audit.
Market context: ADA trades near $0.15, close to its lowest level since 2020. Traders will likely watch the audit results, whether compromised wallets remain active, and any compensation framework. The Cardano wallet exploit reinforces near-term downside risk for ADA tied to self-custody and platform credibility concerns.
Bearish
This is a direct security incident tied to ADA wallet generation, and the damage estimate may still be widening. Even with a patch and emergency fund routing, the possibility that losses exceed the initially stated 16M ADA keeps uncertainty elevated.
Short-term, traders may price in heightened risk premium for ADA due to self-custody concerns, potential further disclosures from the independent audit, and the market’s tendency to de-rate projects after wallet-exploit headlines. There is also near-term headline sensitivity around whether compromised wallets remain active and how quickly compensation claims are processed.
Long-term, any confirmed remediation steps, transparent audit outcomes, and a credible settlement framework could reduce the overhang. However, until the scope is fully verified, the combination of unconfirmed higher-loss scenarios (SlowMist’s >$20M estimate) and ongoing claims resolution makes the outlook for ADA more likely bearish than neutral.