SecondFi targets two-week recovery after Cardano exploit

SecondFi targets a two-week recovery after a Cardano wallet exploit that drained roughly 16 million ADA, worth about $2.4 million, from 374 addresses. Emurgo CEO Phillip Pon said forensic investigations are complete, a final balance snapshot is taken, and the company is preparing to return assets after building and testing its fix.

The Cardano wallet provider disclosed the breach on Tuesday and traced it to an address-level flaw in its web wallet generation software that exposed users' private keys. For holders watching fintech and crypto alerts, the case highlights how quickly wallet-level bugs can turn into large-scale losses even on established networks.

Key Takeaways

• SecondFi expects asset returns to begin in about two weeks, following one week of solution development and one week of testing.
• About 16 million ADA (~$2.4 million) was stolen from 374 addresses; emergency steps secured roughly 129 million ADA with a third-party custodian.
• CEO Phillip Pon warned users not to migrate assets or act outside official guidance during recovery.
• SecondFi says impersonation scams are circulating and it will never ask for seed phrases, private keys, or wallet access.

What happened in the SecondFi Cardano wallet exploit?

SecondFi said the incident affected approximately 16 million ADA across 374 addresses. At the time of the breach, that amount was worth about $2.4 million.

The company attributed the losses to an address-level issue in its Cardano web wallet generation software. According to SecondFi, the flaw exposed users' private keys rather than compromising only the application layer.

While investigations continue, SecondFi has not yet published a comprehensive post-mortem explaining exactly how the exploit was carried out. The wallet remains focused on containment, verification, and preparing refunds.

Why does SecondFi target a two-week recovery timeline?

In a Saturday statement, Phillip Pon, CEO of SecondFi developer Emurgo, said the company completed forensic investigations and established a recovery pathway for affected users. SecondFi also said it took a final balance snapshot as it prepares to return assets.

Pon outlined a phased schedule: the coming week will be spent building the recovery solution, followed by another week of testing and security reviews. Only after that process does SecondFi expect to begin returning assets.

That timeline explains why SecondFi targets a two-week recovery window rather than immediate payouts. The company said the process is designed around existing wallet states, and independent user actions could complicate a secure return of funds.

What should affected SecondFi users do now?

Pon urged users to refrain from migrating assets or taking steps outside official guidance while the recovery program moves forward. SecondFi said users requiring help should submit a ticket through its official support portal.

The company also warned that malicious actors are sending fraudulent messages impersonating SecondFi during the recovery effort. It stressed that no recovery actions requiring user participation have begun.

SecondFi said it will never ask for private keys, seed phrases, wallet credentials, or direct wallet access. Any message instructing users to submit wallet information, migrate assets, or act immediately outside verified channels should be treated as fraudulent, according to the company.

How much user funds did SecondFi secure after the attack?

Beyond the stolen ADA, SecondFi said it secured roughly 129 million ADA through emergency measures after the exploit. Those funds were transferred to an independent third-party custodian and will remain there until verification and recovery are complete.

For full details on the breach and recovery plan, see the Cointelegraph report on SecondFi's two-week recovery target.