DigitalMoneyBox Signal Desk
DigitalMoneyBox Crypto market intelligence
Browse sections
Security Protos

SecondFi is shutting down after Cardano wallet exploit

Cardano wallet firm SecondFi says it will not resume “normal operations” and will instead focus solely on “returning assets to affected users” as it continues to grapple with last month’s $2.4 million ADA exploit. Develo...

78 /100
Market signal

Watchlist

Fresh in the current trading session. The story has cross-source confirmation.

SecondFi is shutting down after Cardano wallet exploit

Cardano wallet firm SecondFi says it will not resume “normal operations” and will instead focus solely on “returning assets to affected users” as it continues to grapple with last month’s $2.4 million ADA exploit.

Developer Emurgo, claimed yesterday that “SecondFi will not resume normal operations, even once the audits are complete.”

It added, “Going forward, our involvement in SecondFi is limited to a dedicated asset recovery team, tasked solely with returning assets to affected users.”

The firm has yet to release an audit of what took place during the exploit, which saw 16 million ADA ($2.4 million) stolen by bad actors, and 129 million ADA ($18.5 million) taken by a mysterious white hat hacker. 

Emurgo is also yet to launch a recovery plan for affected users and is still in the process of arranging one.  

This is the end of @YoroiWallet and @secondfiapp

What once was a common name on Cardano is no more. Unfortunate but most likely the best decision.

Focus is 100% on asset recovery. https://t.co/P8bUhxFqJT pic.twitter.com/ZRmN2KDY7i

— Pete | Beware of Scammers (@astroboysoup) July 6, 2026

Read more: Mystery deepens over Cardano wallet’s $18.5M white hat hacker

What was announced, however, was a new site for users to check the status of their wallet, however, it isn’t live yet. 

What’s the deal with the white hat hacker funds?

SecondFi wallets were drained last month after a “nonce derivation” issue exposed users’ private keys.

The exploited code created deterministic transaction data that could provide clues to recreate a wallet’s private key and facilitate the ADA theft. 

In the weeks that followed, users speculated that the white hat hacker may not actually have been associated with Emurgo. 

An X Spaces discussion with Cardano founder, Charles Hoskinson, fueled speculation after he said, based on information derived from a meeting between Emurgo and Cardano’s governance firm Intersect, that the white hat hacker was unknown to Emurgo. 

Hoskinson then noted, “or at least [Emurgo] said it is not affiliated with Emurgo.” 

SecondFi’s latest statement on July 4 notes that the assets acquired through its emergency response, which involved the white hat hacker, “are currently protected and accessible.”

As for the threat actor funds, it claims that Emurgo has established a recovery fund address here, which currently contains $2.8 million worth of ADA.

It’s unclear whether these funds are made up of the rescued ADA, or Emurgo’s own supply.

Protos has reached out to Emurgo for comment and will update this piece if we hear anything back.

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on XBluesky, and Google News, or subscribe to our YouTube channel.

The post SecondFi is shutting down after Cardano wallet exploit appeared first on Protos.

Why this matters

Cardano is showing up inside the Security Incidents theme, so this story is worth tracking for follow-through rather than treating it as a one-off headline.

Original source

Read on Protos

Same story, other sources

Cross-source coverage

2 sources

Related market context