16 Million ADA Withdrawn from SecondFi Wallets

SecondFi reported a security breach leading to the withdrawal of 16 million ADA, valued at approximately $2.4 million. The platform is currently in maintenance mode.

On June 23, the team at SecondFi reported a security issue with its wallet on the Cardano blockchain and switched the platform to secure maintenance mode. Users were temporarily unable to perform transactions while developers assessed the extent of the incident.

The platform remains in secure maintenance mode, and we have taken a full snapshot of balances as part of our response. This is being handled as a coordinated effort to protect the broader Cardano ecosystem.
We are working closely with the core pillars of our ecosystem:…
— SecondFi (@secondfiapp) June 23, 2026

On June 24, SecondFi announced that hackers had withdrawn approximately 16 million ADA from 374 addresses. According to Cointelegraph, the estimated loss was around $2.4 million, based on an ADA price of about $0.146 at the time of the incident.

“To prevent a total loss of funds during the active exploit, emergency measures were implemented to protect the available 129 million ADA. Funds are being directed to an independent qualified third-party custodian, where they will be held in the interest of the affected addresses,” the SecondFi team stated.

Incident Details

The team reported that they are collaborating with members of the Cardano ecosystem: Input Output Global (IOG), Cardano Foundation, Intersect, and SundaeSwap. On June 24, SecondFi clarified that they had identified the cause of the incident and released a fix for unaffected wallets.

To provide more clarity, we have identified the nature of the incident; it is at the address level. The security risk affects wallet users when a transaction is signed.
Therefore, recovery to another platform or wallet does not mitigate the risk.
🚨 DO NOT restore your… https://t.co/YkjjhL7gEq
— SecondFi (@secondfiapp) June 24, 2026

According to the team, there were four withdrawal events. Three were executed by the hackers, while the fourth likely involved the team moving around 129 million ADA to protect the assets. SecondFi did not disclose this directly.

Mitchell Amador, CEO of Immunefi, told Cointelegraph that the project's software exposed private keys that it generated itself. He estimated that the issue affected not the Cardano blockchain but the wallet module responsible for key generation. Consequently, SecondFi advised users against restoring their seed phrase in another Cardano-based wallet.

IOG's Position

Cardano founder Charles Hoskinson stated that SecondFi is not an IOG product.

It's not an IOG product. We have nothing to do with SecondFi. We have no equity, control, ownership, or business relationship. You are literally asking Apple if they will take care of an issue from a Microsoft product
— Charles Hoskinson (@IOHK_Charles) June 23, 2026

“We have no connection to SecondFi. We have no equity, control, ownership, or business relationship,” Hoskinson stated.

SecondFi (formerly Yoroi Wallet) is backed by EMURGO, a key player in the Cardano ecosystem. In its documentation, the company describes itself as a co-founder of the blockchain that “stimulates commercial adoption of blockchain technology and asset tokenization.”

In a separate video, Hoskinson distanced IOG from the incident, stating that the company does not control EMURGO and cannot speak on its behalf regarding the incident.

SecondFi https://t.co/PVh4CILTHW
— Charles Hoskinson (@IOHK_Charles) June 23, 2026

“We did not write this code and are not associated with it,” Hoskinson stated.

It is worth noting that in November 2025, a dormant Cardano wallet activated after five years and accidentally exchanged 14.4 million ADA for the stablecoin Anzens through an illiquid pool, resulting in a loss of $6.05 million.

Previously, on-chain detective ZachXBT labeled Cardano's operational model as an “insider enrichment scheme.”