Key facts
- Ctrl Wallet will shut down its services following a security exploit.
- Users must withdraw assets before August 3, 2026, when all functions will be disabled.
- The exploit on June 23 affected some Cardano wallets on the platform.
- Ctrl Wallet, formerly XDEFI Wallet, was previously part of Emurgo and transitioned to SecondFi.
- The exploit in SecondFi led to an estimated loss of 16 million ADA.
Ctrl Wallet, a non-custodial multichain cryptocurrency wallet, announced it will cease operations following a security exploit that occurred on June 23. Users are being urged to withdraw their assets before August 3, 2026, after which all functions within the app will be unavailable, except for the ability to export recovery phrases. The wallet will also be removed from app and browser extension stores, with downloads halted immediately.
The exploit impacted some Cardano wallets on the platform, leading the wallet's operators to place it in a temporary maintenance mode. Ctrl Wallet, formerly known as XDEFI Wallet, had transitioned under the Emurgo umbrella and its multichain architecture was set to continue within the SecondFi wallet. SecondFi, a self-custodial platform developed by Emurgo, experienced a vulnerability that allowed attackers to drain user funds, resulting in an estimated loss of 16 million ADA, valued at approximately $2.4 million at the time.
SecondFi has since revealed a recovery path for affected users and secured approximately 129 million ADA through emergency measures, transferring the funds to an independent third-party custodian. Ctrl Wallet strongly recommended that users export their assets to compatible wallets such as MetaMask, Trust Wallet, or Phantom before the August deadline. The company stated there will be no migration token or airdrop event and advised users to be wary of fake social media posts or websites promising such incentives.