A number of Cardano wallets have been drained of roughly 16 million ADA (worth $2.4 million) after self-described “neofinance” platform SecondFi was hit by an exploit that targeted its wallet generation software.
SecondFi first alerted its followers to the incident this morning on X, claiming that it had detected a security issue that impacted a small number of Cardano wallets on its platform.
It said that it had contained the issue and that, as a precaution, its services would be temporarily placed into maintenance mode and that it would pause all front-end interactions.
Since then, SecondFi has shared an update that claims to have diagnosed the root cause of the exploit as an issue involving its native Cardano web wallet generation software.
It appears that some users may not be made whole after the incident, as SecondFi notes that it’s “taken extraordinary steps to protect remaining assets where possible.”
— SecondFi (@secondfiapp) June 23, 2026
SECURITY UPDATE: Root Cause & Blast Radius Confirmed
We have isolated the root cause of the recent security incident. The issue was confined to our native Cardano web wallet generation software.
Our team has completed an onchain analysis to determine the scope of impact, and…
Read more: Hoskinson wants to save Cardano’s rep by leaving X for Discord safespace
The self-custody firm said, “Our team has completed an on-chain analysis to determine the scope of impact, and we are now finalizing an independent technical review with a leading blockchain security firm to validate our findings.”
Software developer Blink Labs has warned that the exploit means “the wallets generated are all unsafe,” and advised users to “switch to another wallet immediately.”
Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
The post Cardano wallets drained of $2.4M after self-custody exploit appeared first on Protos.
