SecondFi has announced a recovery plan for users affected by a recent exploit of its Cardano wallet, with asset returns anticipated in approximately two weeks.
Details of the Exploit
On June 27, 2026, SecondFi disclosed that a security breach had compromised around 16 million ADA, valued at roughly $2.4 million, across 374 addresses. The company traced the exploit to an issue within its Cardano web wallet generation software, which inadvertently exposed users’ private keys.
Recovery Efforts Underway
According to Phillip Pon, CEO of SecondFi’s developer Emurgo, the company has completed forensic investigations and established a recovery pathway for affected users. The upcoming week will focus on building the recovery solution, followed by a week of testing before assets are returned. Pon emphasized the importance of users refraining from migrating assets or taking actions outside of official guidance, as independent actions could complicate the secure return of funds.
Emergency Measures and Security Precautions
In response to the breach, SecondFi has secured approximately 129 million ADA through emergency measures, transferring these funds to an independent third-party custodian. This amount will remain in custody until the verification and recovery process is finalized. However, SecondFi has yet to release a detailed post-mortem analysis of the vulnerability or the exploit’s execution.
Warning Against Scams
In a separate update, SecondFi cautioned users about potential scams during the recovery process. The company reported that malicious actors are impersonating the wallet and circulating fraudulent messages. SecondFi clarified that no recovery actions requiring user participation have commenced and that it will never request private keys, seed phrases, or direct wallet access from users. Any communications asking for such information should be considered fraudulent. Users needing assistance are advised to submit a ticket through the official support portal while the recovery process is ongoing.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
