SecondFi traces Cardano wallet exploit to address-level issue
SecondFi, a Cardano-based self-custodial wallet, suffered an exploit that drained user funds due to a vulnerability in its wallet-generation software. The platform said it identified the root cause and is working with Cardano ecosystem partners and blockchain investigators. It also activated emergency measures to secure about 129 million ADA, which is being moved to an independent custodian for affected users pending verification. SecondFi initially estimated about 16 million ADA, worth roughly $2.4 million, was impacted across 374 addresses. The issue appears to be at the address/key-generation level, meaning the software exposed private keys or created insecure signing conditions. The company warned users not to restore recovery phrases into other Cardano wallets, saying that would not remove the risk. Cardano founder Charles Hoskinson said SecondFi is not an Input Output Global product and that IOG has no ownership, control, or business relationship with it.
