SecondFi loses $2.4 million in Cardano wallet exploit
SecondFi was hit by three separate attacks exploiting a flaw in its wallet generation software. A further 129 million ADA was secured by the team before attackers could reach it.
Make preferred on
Share this article
Summary
- SecondFi confirmed three external attacks drained 16 million ADA ($2.4 million) from 374 wallets via a flaw in its proprietary wallet generation software; a patch has been rolled out for unaffected users.
- The team rescued a further 129 million ADA before attackers could reach it, routing funds to a third-party custodian — but blockchain security firm SlowMist estimates total losses could still exceed $20 million pending an independent audit.
- Users cannot protect themselves by moving their seed phrase to another wallet; the vulnerability activates at the address level when a transaction is signed, and affected users must submit claims directly to SecondFi.
