- SecondFi traced two attackers liable for draining 374 Cardano wallets in three assault waves.
- A flagged pockets linked to the exploit nonetheless holds over 4 million ADA beneath lively monitoring.
- The corporate secured 129 million ADA and launched audits to help restoration efforts.
Cardano pockets supplier SecondFi has recognized two attackers linked to a serious safety breach that drained roughly 16 million ADA from consumer wallets. The corporate disclosed new findings after a forensic investigation traced the exploit to coordinated automated assaults that affected a whole bunch of wallets between June 21 and June 23, 2026. Restoration efforts stay underway as investigators monitor stolen funds and strengthen platform safety.
Investigation Reveals Two Coordinated Attackers
SecondFi confirmed that the assault unfolded in three separate waves and impacted 374 pockets addresses. In response to the corporate’s findings, the attackers exploited a vulnerability associated to pockets technology and personal key creation, permitting them to realize unauthorized entry to consumer funds.
The investigation recognized two distinct attackers liable for the theft. Attacker A carried out the primary two waves of the exploit and efficiently drained 171 wallets by automated operations. In the meantime, Attacker B executed a 3rd assault wave and compromised an extra 203 wallets utilizing an analogous methodology.
To extend transparency, SecondFi publicly disclosed pockets addresses and stake keys related to each attackers. The corporate acknowledged that publishing this data will help ecosystem members, investigators, and legislation enforcement companies monitoring the stolen belongings.
https://t.co/19PlJ1BTBS
— EMURGO (@emurgo_io) June 25, 2026
One pockets linked to Attacker B reportedly nonetheless comprises roughly 4.02 million ADA. That deal with has been flagged and stays beneath lively on-chain monitoring as investigators proceed tracing fund actions.
The breach resulted in losses estimated at roughly $2.4 million based mostly on present valuations. Nonetheless, SecondFi emphasised that the assault was restricted to affected wallets and didn’t compromise the broader Cardano community infrastructure.
Restoration Efforts Proceed as Safety Measures Broaden
Following the invention of the exploit, SecondFi activated emergency response procedures and moved its platform into upkeep mode. The corporate acknowledged that engineers remoted the assault vector, deployed patches, and started working with impartial cybersecurity corporations to conduct complete safety critiques.
As well as, SecondFi reported securing roughly 129 million ADA by emergency containment measures. These belongings have been transferred to protected custody preparations earlier than attackers might acquire entry, considerably decreasing the general impression of the incident.
The corporate has established a devoted restoration fund to help reimbursement efforts for affected customers. Verification procedures are being ready to make sure belongings are returned securely and precisely.
SecondFi additionally warned customers to not restore or migrate compromised wallets independently. In response to the corporate, affected addresses ought to be thought of completely compromised because of the nature of the vulnerability.
Trying forward, SecondFi plans to renew regular operations solely after finishing exterior audits and safety assessments. The agency can also be cooperating with authorities and trade companions to get well stolen funds and pursue these liable for the assault.