A major security breach has shaken the Cardano ecosystem after SecondFi, the wallet formerly known as Yoroi, confirmed that hackers exploited a vulnerability in its proprietary wallet generation software, stealing approximately 16 million ADA—worth about $2.4 million—from hundreds of user wallets. While the initial losses are substantial, blockchain security firm SlowMist believes the total damage could eventually exceed $20 million, making it one of the largest wallet exploits in Cardano’s history.
The incident was not caused by a flaw in the Cardano blockchain itself. Instead, the attack targeted SecondFi’s wallet infrastructure, highlighting the growing importance of wallet security as decentralized finance continues expanding. The exploit has renewed concerns about software vulnerabilities in crypto wallets, even when the underlying blockchain remains secure.
Three Coordinated Attacks Drained Hundreds of Wallets
According to SecondFi, attackers carried out three separate attacks that compromised 374 wallets, draining approximately 16 million ADA from affected users. The company said investigators traced the breach to a flaw in its proprietary wallet generation software, which exposed certain wallet addresses to unauthorized access.
Unlike many wallet exploits involving stolen seed phrases or phishing attacks, this vulnerability exists at the address level. SecondFi warned that simply restoring a recovery phrase into another Cardano wallet does not eliminate the risk, because the vulnerability is triggered whenever an affected wallet signs a transaction.
The company has since released a software patch for unaffected users while continuing to investigate the full scope of the breach.
Emergency Rescue Secured 129 Million ADA
Before hackers could access additional compromised wallets, SecondFi initiated emergency recovery procedures.
The team successfully transferred approximately 129 million ADA into the custody of an independent third-party custodian to prevent further theft. An external accounting firm has been hired to verify the rescued assets and oversee the claims process for affected users.
SecondFi said impacted users will be able to submit claims directly through the company while the investigation continues. The project has also commissioned independent security auditors to review its wallet infrastructure before normal operations fully resume.
SlowMist Estimates Total Losses Could Top $20 Million
While SecondFi confirmed losses of roughly $2.4 million, blockchain security firm SlowMist believes the final damage could be significantly larger.
According to the firm’s on-chain analysis, wallets potentially exposed by the vulnerability may contain approximately 129 million ADA, along with additional Cardano-native tokens and NFTs. If those assets are ultimately compromised, total losses could exceed $20 million, although that estimate has not yet been independently verified.
The large gap between SecondFi’s confirmed losses and SlowMist’s projections reflects uncertainty over how many vulnerable wallets remain at risk and whether emergency rescue efforts were able to secure all exposed funds.
Cardano Protocol Was Never Compromised
The exploit has generated concern across the Cardano community, but developers have emphasized that the Cardano blockchain itself was not hacked.
The vulnerability was isolated to SecondFi’s proprietary wallet generation software rather than Cardano’s consensus mechanism, smart contracts, or cryptographic infrastructure. This distinction is important because it means the security of the Cardano network remains intact despite the wallet-level failure.
Cardano founder Charles Hoskinson acknowledged the incident and noted that while the dollar amount is relatively small compared to some of crypto’s largest hacks, that offers little comfort to affected users who lost their funds.
Users Warned Not to Restore Their Seed Phrases
One of the most unusual aspects of the exploit is the guidance issued by SecondFi.
Rather than encouraging users to restore their recovery phrases into another wallet, the company specifically instructed affected users not to migrate their existing seed phrases, explaining that the vulnerability remains tied to the compromised wallet addresses themselves. Instead, users have been advised to wait for official recovery instructions and work directly through SecondFi’s claims process.
Security researchers have also warned users to remain vigilant against phishing attempts and fake customer support accounts seeking to exploit confusion surrounding the incident.
Wallet Security Faces Increased Scrutiny
The attack adds to a growing list of high-profile wallet exploits affecting the crypto industry in 2026. As institutional adoption and self-custody continue expanding, wallet software has become an increasingly attractive target for attackers seeking access to user funds.
Unlike exchange hacks, wallet vulnerabilities can directly impact individual users without affecting the underlying blockchain. The incident reinforces the importance of independent security audits, rigorous code reviews, and rapid incident response procedures for wallet providers.
