EMURGO CEO Phillip Pon announced that the company has found a way to refund users of SecondFi and plans to initiate payments in about two weeks. According to wallet data, the exploit affected 374 addresses, leading to the withdrawal of approximately 16 million ADA.
https://twitter.com/emurgo_io/status/2070040375331586338
The team will spend the next week developing the refund mechanism, followed by another week for testing.
SecondFi has urged users not to transfer assets and to follow only official instructions. The team specifically warned against fraudulent messages and emphasized that the service does not request private keys, seed phrases, or wallet access.
According to SecondFi, there were four incidents of fund withdrawals between June 21 and 23. In three cases, external attackers withdrew about 16 million ADA (approximately $2.4 million at the time) from 374 addresses. In the fourth incident, the team urgently transferred around 129 million ADA to an independent custodian to isolate the assets from the attackers. An external auditing firm is currently reviewing these funds.
The company also identified two wallets belonging to the attackers: one linked to 171 compromised wallets and the other to 203. Approximately 4 million ADA associated with the theft are on a flagged collection address and remain under surveillance. SecondFi reported that it has notified law enforcement authorities.
An independent report was released by Tibane Labs. According to the company, the issue was not due to nonce reuse but rather an Ed25519 signature error. Tibane Labs claims that on June 8, an unaudited SDK trantor, published on npm by an independent developer, replaced the previously used verified EMURGO signature module. The company estimates that a single signed message was sufficient to recover the private key.
EMURGO has not published a complete technical postmortem and has not publicly responded to the findings of Tibane Labs.
The SecondFi wallet (formerly Yoroi until April) has long been one of the main wallets in the Cardano ecosystem. EMURGO, which backs the application, is one of the three founding organizations of the network.
It is worth noting that in the second quarter of 2026, the crypto industry set a record for the number of hacks, with 83 incidents resulting in total damages of $755.3 million.