Cardano’s wallet hack exposed the user layer holding its on-chain government together

Summary

EMURGO is stepping back from Pentad, the five-member Cardano infrastructure-coordination group, to focus on recovering losses from the SecondFi exploit. The attack used weak randomness in SecondFi’s wallet address-generation code and drained about $2.4 million in ADA from 374 wallets. Cardano’s wallet-based governance makes the incident more significant because the same wallet environment is used for DRep delegation, voting, and reward withdrawal. The exploit sits alongside active Cardano treasury funding work: Pentad coordinates infrastructure spending, including a 70 million ADA Critical Integrations Budget and a later 23 million ADA Year 2 request. EMURGO’s exit removes one founding entity from that funding process while recovery work continues. Bitquery traced the issue to wallet-layer failure and says Cardano itself processed transactions normally. Broader forensic estimates of swept funds are separate from the confirmed loss. Governance activity remains active, with hundreds of DReps and thousands of votes recorded over 30 days.