SecondFi confirmed three external attacks drained 16 million ADA ($2.4 million) from 374 wallets due to a flaw in its proprietary wallet generation software. A patch has been rolled out for unaffected users, and SecondFi has secured an additional 129 million ADA.

This incident highlights ongoing security vulnerabilities within the cryptocurrency space, even for established wallets, and underscores the importance of robust security measures and prompt response protocols for protecting user assets.

SecondFi, a Cardano wallet previously known as Yoroi, has reported a significant security breach resulting in the loss of approximately $2.4 million worth of ADA. The exploit, stemming from a flaw in the platform's proprietary wallet generation software, affected 374 user wallets across three distinct attacks. The vulnerability operates at the address level, meaning users cannot mitigate the risk by simply moving their seed phrase to a different wallet, as the exploit activates upon transaction signing.

In response to the incident, SecondFi's team managed to secure an additional 129 million ADA by routing it to a third-party custodian before attackers could access it. The company has since rolled out a patch for unaffected users and is directing those impacted to submit claims directly for reimbursement. An external accounting firm is verifying the secured funds. However, blockchain security firm SlowMist has estimated that the total losses could exceed $20 million, pending an independent audit.

Cardano founder Charles Hoskinson acknowledged the exploit, noting that while the dollar amount was relatively modest compared to other crypto hacks, it was still a significant loss for those affected. ADA is currently trading at around $0.15, its lowest level since 2020.