SecondFi and EMURGO: SecondFi won’t reopen after Cardano wallet breach

SecondFi and EMURGO: SecondFi won’t reopen after Cardano wallet breach

SecondFi Halts Operations After 16M ADA Wallet Exploit, Shifts Focus to Recovery

EMURGO has announced that SecondFi, a Cardano-based platform, will not resume normal operations following a security breach that drained 16 million ADA from 374 wallet addresses. The decision marks a shift from earlier recovery plans, with the project now prioritizing asset recovery and user migration over platform functionality.

The exploit, traced to a vulnerability in SecondFi’s native Cardano web wallet generation software, prompted an immediate service pause and an ongoing investigation by multiple independent security firms. EMURGO has cautioned against releasing early findings, stating that incomplete audits could lead to misinformation, though a patch to address the flaw has been submitted.

To assist affected users, EMURGO is rolling out checker tools, migration routes, and a recovery fund. A quarantined site, pending app store approval, will allow users to verify wallet status and initiate safe transfers. Additional support includes secure wallet export functionality and an in-person migration workshop in Tokyo. Users have been warned to rely only on official SecondFi channels, as scammers have exploited the incident with fake recovery accounts.

While unaffected users remain secure, EMURGO has urged all SecondFi users to migrate away from the platform, as recovery efforts take precedence. An on-chain recovery system is in development, but its deployment hinges on external audits to ensure security particularly given threat actors’ awareness of the vulnerability.

A full incident report, detailing the breach’s cause and impact, will be released once audits and code reviews are complete. Until then, SecondFi’s operations are limited to asset recovery and user support, aligning with a broader trend in crypto security where projects prioritize controlled, audited responses to breaches.

Source: https://crypto.news/secondfi-wont-reopen-after-cardano-wallet-breach/

SecondFi TPRM report: https://www.rankiteo.com/company/emurgo-io

EMURGO TPRM report: https://www.rankiteo.com/company/emurgo_io

"id": "emuemu1783356298",
"linkid": "emurgo_io, emurgo-io",
"type": "Vulnerability",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '374 wallet addresses',
                        'industry': 'Blockchain/FinTech',
                        'name': 'SecondFi',
                        'type': 'Cryptocurrency Platform'}],
 'attack_vector': 'Vulnerability in native Cardano web wallet generation '
                  'software',
 'customer_advisories': 'All users urged to migrate away from the platform; '
                        'unaffected users remain secure',
 'data_breach': {'number_of_records_exposed': '16 million ADA',
                 'sensitivity_of_data': 'High (financial assets)',
                 'type_of_data_compromised': 'Cryptocurrency (ADA)'},
 'description': 'SecondFi, a Cardano-based platform, suffered a security '
                'breach that drained 16 million ADA from 374 wallet addresses '
                'due to a vulnerability in its native Cardano web wallet '
                'generation software. The project has halted normal operations '
                'to prioritize asset recovery and user migration.',
 'impact': {'brand_reputation_impact': 'Likely significant due to breach and '
                                       'operational halt',
            'downtime': 'Operations halted indefinitely',
            'financial_loss': '16 million ADA',
            'operational_impact': 'Platform functionality suspended; focus '
                                  'shifted to asset recovery and user '
                                  'migration',
            'systems_affected': 'SecondFi platform, 374 wallet addresses'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': 'Patch submitted, external '
                                                  'audits in progress, '
                                                  'on-chain recovery system in '
                                                  'development',
                            'root_causes': 'Vulnerability in native Cardano '
                                           'web wallet generation software'},
 'recommendations': 'Rely only on official channels for recovery, migrate away '
                    'from the platform, await audited responses for security',
 'references': [{'source': 'EMURGO Announcement'}],
 'response': {'communication_strategy': 'Warnings against fake recovery '
                                        'accounts, official channels '
                                        'emphasized',
              'containment_measures': 'Immediate service pause, patch '
                                      'submitted for the vulnerability',
              'incident_response_plan_activated': 'Yes',
              'recovery_measures': 'On-chain recovery system in development, '
                                   'asset recovery and user support '
                                   'prioritized',
              'remediation_measures': 'Checker tools, migration routes, '
                                      'recovery fund, quarantined site for '
                                      'wallet verification, secure wallet '
                                      'export functionality, in-person '
                                      'migration workshop in Tokyo',
              'third_party_assistance': 'Multiple independent security firms '
                                        'conducting investigations'},
 'stakeholder_advisories': 'Users warned to avoid fake recovery accounts and '
                           'rely on official SecondFi channels',
 'title': 'SecondFi Halts Operations After 16M ADA Wallet Exploit',
 'type': 'Exploit',
 'vulnerability_exploited': 'Flaw in SecondFi’s native Cardano web wallet '
                            'generation software'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.