A major security breach has shaken the Cardano ecosystem after SecondFi, the wallet formerly known as Yoroi, confirmed that hackers exploited a vulnerability in its proprietary wallet generation software, stealing approximately 16 million ADA—worth about $2.4 million—from hundreds of user wallets. While the initial losses are substantial, blockchain security firm SlowMist believes the total damage could eventually exceed $20 million, making it one of the largest wallet exploits in Cardano’s history.
The incident was not caused by a flaw in the Cardano blockchain itself. Instead, the attack targeted SecondFi’s wallet infrastructure, highlighting the growing importance of wallet security as decentralized finance continues expanding. The exploit has renewed concerns about software vulnerabilities in crypto wallets, even when the underlying blockchain remains secure.
According to SecondFi, attackers carried out three separate attacks that compromised 374 wallets, draining approximately 16 million ADA from affected users. The company said investigators traced the breach to a flaw in its proprietary wallet generation software, which exposed certain wallet addresses to unauthorized access.
Unlike many wallet exploits involving stolen seed phrases or phishing attacks, this vulnerability exists at the address level. SecondFi warned that simply restoring a recovery phrase into another Cardano wallet does not eliminate the risk, because the vulnerability is triggered whenever an affected wallet signs a transaction.
The company has since released a software patch for unaffected users while continuing to investigate the full scope of the breach.
Before hackers could access additional compromised wallets, SecondFi initiated emergency recovery procedures.
The team successfully transferred approximately 129 million ADA into the custody of an independent third-party custodian to prevent further theft. An external accounting firm has been hired to verify the rescued assets and oversee the claims process for affected users.
SecondFi said impacted users will be able to submit claims directly through the company while the investigation continues. The project has also commissioned independent security auditors to review its wallet infrastructure before normal operations fully resume.
While SecondFi confirmed losses of roughly $2.4 million, blockchain security firm SlowMist believes the final damage could be significantly larger.
According to the firm’s on-chain analysis, wallets potentially exposed by the vulnerability may contain approximately 129 million ADA, along with additional Cardano-native tokens and NFTs. If those assets are ultimately compromised, total losses could exceed $20 million, although that estimate has not yet been independently verified.
The large gap between SecondFi’s confirmed losses and SlowMist’s projections reflects uncertainty over how many vulnerable wallets remain at risk and whether emergency rescue efforts were able to secure all exposed funds.
The exploit has generated concern across the Cardano community, but developers have emphasized that the Cardano blockchain itself was not hacked.
The vulnerability was isolated to SecondFi’s proprietary wallet generation software rather than Cardano’s consensus mechanism, smart contracts, or cryptographic infrastructure. This distinction is important because it means the security of the Cardano network remains intact despite the wallet-level failure.
Cardano founder Charles Hoskinson acknowledged the incident and noted that while the dollar amount is relatively small compared to some of crypto’s largest hacks, that offers little comfort to affected users who lost their funds.
One of the most unusual aspects of the exploit is the guidance issued by SecondFi.
Rather than encouraging users to restore their recovery phrases into another wallet, the company specifically instructed affected users not to migrate their existing seed phrases, explaining that the vulnerability remains tied to the compromised wallet addresses themselves. Instead, users have been advised to wait for official recovery instructions and work directly through SecondFi’s claims process.
Security researchers have also warned users to remain vigilant against phishing attempts and fake customer support accounts seeking to exploit confusion surrounding the incident.
The attack adds to a growing list of high-profile wallet exploits affecting the crypto industry in 2026. As institutional adoption and self-custody continue expanding, wallet software has become an increasingly attractive target for attackers seeking access to user funds.
Unlike exchange hacks, wallet vulnerabilities can directly impact individual users without affecting the underlying blockchain. The incident reinforces the importance of independent security audits, rigorous code reviews, and rapid incident response procedures for wallet providers.