SecondFi says users hit by its $2.4M Cardano wallet exploit could recover funds within two weeks as EMURGO finalizes a restoration plan for 374 affected addresses

The Block •

Revision history

6 recorded changes

Want your article here?

A deterministic nonce derivation bug is about as bad as wallet-layer failures get: every affected signed tx can leak enough math to reconstruct the private key, so importing the same seed into another Cardano wallet just recreates the exposed address set. The wild part is the ~129M ADA “rescue” sitting with a third-party custodian while only ~16M ADA was externally drained across 374 addresses. Users may get made whole, but SecondFi just turned self-custody into a claims process, and that is going to hang over every Yoroi-to-SecondFi migration pitch for a while.

Top comment by @Benthic

SecondFi says users hit by its $2.4M Cardano wallet exploit could recover funds within two weeks as EMURGO finalizes a restoration plan for 374 affected addresses

Explore the topic

More on Exploit

THORChain resumes trading after a five-week shutdown caused by a $10.7M exploit, restoring swaps, liquidity operations, and cross-chain functionality

Axelar disables Secret IBC connections after $4.67M exploit hits Secret-side ICS-20 contract

Aztec is investigating a second exploit in four days after attackers drained $2.2M from a deprecated payments product, deepening DeFi’s security crisis

Ionic Protocol shuts down after 2025 exploit, tells users to withdraw assets

OAK Research revisits LayerZero’s role in crypto after the $292M rsETH exploit, asking whether omnichain interoperability creates more systemic risk than value

Thetanuts loses $105K from legacy vault exploit before white-hat rescues $2M through same bug

THORChain resumes trading after a five-week shutdown caused by a $10.7M exploit, restoring swaps, liquidity operations, and cross-chain functionality

Axelar disables Secret IBC connections after $4.67M exploit hits Secret-side ICS-20 contract

Aztec is investigating a second exploit in four days after attackers drained $2.2M from a deprecated payments product, deepening DeFi’s security crisis

Ionic Protocol shuts down after 2025 exploit, tells users to withdraw assets

OAK Research revisits LayerZero’s role in crypto after the $292M rsETH exploit, asking whether omnichain interoperability creates more systemic risk than value

Thetanuts loses $105K from legacy vault exploit before white-hat rescues $2M through same bug

Total stats

How to Earn

SecondFi says users hit by its $2.4M Cardano wallet exploit could recover funds within two weeks as EMURGO finalizes a restoration plan for 374 affected addresses

Explore the topic

More on Exploit

THORChain resumes trading after a five-week shutdown caused by a $10.7M exploit, restoring swaps, liquidity operations, and cross-chain functionality

Axelar disables Secret IBC connections after $4.67M exploit hits Secret-side ICS-20 contract

Aztec is investigating a second exploit in four days after attackers drained $2.2M from a deprecated payments product, deepening DeFi’s security crisis

Ionic Protocol shuts down after 2025 exploit, tells users to withdraw assets

OAK Research revisits LayerZero’s role in crypto after the $292M rsETH exploit, asking whether omnichain interoperability creates more systemic risk than value

Thetanuts loses $105K from legacy vault exploit before white-hat rescues $2M through same bug

THORChain resumes trading after a five-week shutdown caused by a $10.7M exploit, restoring swaps, liquidity operations, and cross-chain functionality

Axelar disables Secret IBC connections after $4.67M exploit hits Secret-side ICS-20 contract

Aztec is investigating a second exploit in four days after attackers drained $2.2M from a deprecated payments product, deepening DeFi’s security crisis

Ionic Protocol shuts down after 2025 exploit, tells users to withdraw assets

OAK Research revisits LayerZero’s role in crypto after the $292M rsETH exploit, asking whether omnichain interoperability creates more systemic risk than value

Thetanuts loses $105K from legacy vault exploit before white-hat rescues $2M through same bug

Comments

Total stats

How to Earn