Cardano founder Charles Hoskinson has claimed that the identity of the presumably white hat hacker who took $18.5 million worth of ADA from exposed Cardano wallet users is unknown.
In an X talk yesterday called The Bingo Hall, Hoskinson claimed that he was informed by “Jer” of what went down in a meeting between the Cardano governance firm Intersect and the developers of SecondFi, Emurgo.
A clipped snippet of the talk shows Hoskinson claiming that “A member of the Emurgo team said the identity of the white hat hacker is not known to Emurgo.” He shortly added, “or at least [Emurgo] said it is not affiliated with Emurgo.”
“That’s probably a fair representation of the statement,” Hoskinson said, before noting that it was a secondhand recollection from the meeting by Jer.
Read more: Cardano wallets drained of $2.4M after self-custody exploit
He said, “I don’t particularly care if it’s Joe Schmo, Emurgo, or a third-party, doesn’t matter to me,” noting that his only concern is how they are going to move the funds and return them to affected users.
Days before this, X users had already begun to speculate whether or not Emurgo knew who the white hat hacker was.
Now, X users are doubting whether Emurgo knew the white hat hacker, with some calling for a police investigation into the firm. Others, however, are hoping Hoskinson’s claims are just a “miscommunication.”
SecondFi claims it triggered emergency measures
SecondFi, one of the largest Cardano wallet generators, was exploited earlier this week, and 16 million ADA ($2.4 million) was reported stolen from user wallets.
However, another 129 million ADA ($18.5 million) was also taken, but SecondFi later claimed that it was the result of an emergency measure it had deployed to secure the funds.
It said, “To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses.”
“An external accounting firm has been engaged for a special audit to independently verify those holdings,” it added.
Intersect’s latest post on the exploit yesterday demanded “a transparent account of how the issue arose, of the emergency measures taken to protect user assets, including the movement of at-risk funds to custody, and of how those assets, which include CNTs and NFTs as well as ada, will be safeguarded and returned.”
Intersect stresses Cardano blockchain isn’t broken
Intersect stressed that the exploit has nothing to do with the Cardano blockchain itself.
However, it noted that the implications of the exploit may impact the flow of ADA across the ecosystem.
SecondFi’s latest statement claims it took a final balance snapshot today and estimates thait will return lost user assetsed in two weeks’ time.
— SecondFi (@secondfiapp) June 26, 2026
Recovery Process Update
Our team remains focused on returning assets to affected users, and we are making strong progress on a structured recovery and verification process.
Two important updates today:
1. The final balance snapshot has been taken today, Friday 26 June 2026.…
Read more: Hoskinson wants to save Cardano’s rep by leaving X for Discord safespace
This isn’t guaranteed, and the firm noted that it is still trying to reach a “working solution” before it proceeds to test and review the asset return process.
It still advises users not to move to new wallets and warns, “Independent actions taken outside of official guidance create additional risks, and may significantly complicate the asset claims process.”
Protos has reached out to Emurgo for comment and will update this piece should we hear anything back.
Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
The post Mystery deepens over Cardano wallet’s $18.5M white hat hacker appeared first on Protos.
