HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
← All Stories

Ctrl Wallet to shut down services after security exploit

Created at 7 Jul · 11:05 AM1 source↑ Market-relevant
IN SHORT

Ctrl Wallet will cease operations weeks after a security exploit, urging users to withdraw assets by August 3, 2026. The non-custodial multichain wallet experienced a vulnerability affecting Cardano users on June 23, leading to its eventual shutdown.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

August 3, 2026deadline for asset withdrawal
June 23date of security exploit
16 million ADAestimated user funds lost in exploit
$2.4 millionestimated value of lost ADA at time of exploit
12-word or 24-wordrecovery phrase lengths
650,000monthly users on LinkedIn
2,500blockchain networks supported

Who's Involved

Ctrl Wallet
non-custodial multichain cryptocurrency wallet shutting down services
Emurgo
parent company of SecondFi, developed Ctrl Wallet
SecondFi
platform that experienced a security exploit
MetaMask
compatible wallet for importing recovery phrases
Trust Wallet
compatible wallet for importing recovery phrases
Phantom
compatible wallet for importing recovery phrases

↳ Why This Matters

The shutdown of Ctrl Wallet highlights the ongoing security risks in the cryptocurrency space and the potential for significant user losses following exploits. It also underscores the importance of timely asset withdrawal and due diligence when choosing wallet providers, especially after a security incident.

Key facts

  • Ctrl Wallet will shut down its services following a security exploit.
  • Users must withdraw assets before August 3, 2026, when all functions will be disabled.
  • The exploit on June 23 affected some Cardano wallets on the platform.
  • Ctrl Wallet, formerly XDEFI Wallet, was previously part of Emurgo and transitioned to SecondFi.
  • The exploit in SecondFi led to an estimated loss of 16 million ADA.

Ctrl Wallet, a non-custodial multichain cryptocurrency wallet, announced it will cease operations following a security exploit that occurred on June 23. Users are being urged to withdraw their assets before August 3, 2026, after which all functions within the app will be unavailable, except for the ability to export recovery phrases. The wallet will also be removed from app and browser extension stores, with downloads halted immediately.

The exploit impacted some Cardano wallets on the platform, leading the wallet's operators to place it in a temporary maintenance mode. Ctrl Wallet, formerly known as XDEFI Wallet, had transitioned under the Emurgo umbrella and its multichain architecture was set to continue within the SecondFi wallet. SecondFi, a self-custodial platform developed by Emurgo, experienced a vulnerability that allowed attackers to drain user funds, resulting in an estimated loss of 16 million ADA, valued at approximately $2.4 million at the time.

SecondFi has since revealed a recovery path for affected users and secured approximately 129 million ADA through emergency measures, transferring the funds to an independent third-party custodian. Ctrl Wallet strongly recommended that users export their assets to compatible wallets such as MetaMask, Trust Wallet, or Phantom before the August deadline. The company stated there will be no migration token or airdrop event and advised users to be wary of fake social media posts or websites promising such incentives.

Frequently asked questions

Ctrl Wallet is shutting down its services due to a security exploit that occurred on June 23, which affected some Cardano wallets.

Users must withdraw their assets before August 3, 2026. After this date, all functions except exporting recovery phrases will be disabled.

The exploit in SecondFi, a platform linked to Ctrl Wallet, resulted in an estimated loss of 16 million ADA, worth approximately $2.4 million at the time.

Users can export their recovery phrases to compatible wallets like MetaMask, Trust Wallet, or Phantom. SecondFi has also secured affected funds and is working on a recovery path.

What Happens Next

01Users must withdraw assets from Ctrl Wallet before August 3, 2026.
02Ctrl Wallet will be removed from app and browser extension stores.
03Users can export their recovery phrases to compatible wallets.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

Ctrl Wallet reported a security issue on June 23 affecting some Cardano wallets.
The wallet entered a temporary maintenance mode to protect user assets.
Ctrl Wallet announced it will shut down services, urging users to withdraw assets.
All functions except exporting recovery phrases will be unavailable starting August 3, 2026.
The app will be removed from app and browser extension stores.
Ctrl Wallet, formerly XDEFI Wallet, transitioned under the Emurgo umbrella before the exploit.
The exploit occurred in SecondFi, a platform developed by Emurgo, resulting in an estimated loss of 16 million ADA.
SecondFi revealed a recovery path and secured affected funds.

Sources

T1
Ctrl Wallet to shut weeks after security exploitThe move follows a June 23 exploit that has now resulted in closing down the wallet, with users urged to withdraw their assets before all functions are disabled on Aug. 3, 2026.Cointelegraph

Related Stories

Crypto hacks fell 47% in H1 but ecosystem is no safer: CertiK
6 Jul · 1:11 PM
Solana Meme Coin BonkDAO Loses $20 Million in Governance Exploit
6 Jul · 9:00 PM
Ripple secures EU MiCA license; Strategy sells Bitcoin; wallet vulnerability disclosed
7 Jul · 4:10 AM
Digital Chamber urges dismissal of NY lawsuit over 39,069 Bitcoin wallets
7 Jul · 9:40 AM
Trader loses $2M in DeFi exploit via low-liquidity pool
7 Jul · 6:05 AM