Cardano’s wallet provider SecondFi, formerly Yoroi Wallet, has initiated the refund process for users affected by the automated attacks that occurred between June 21 and June 23. The company stated that, as of June 26, a final snapshot of account balances was taken, and repayments will be carried out based on this data. This marks the beginning of an extensive effort to compensate users impacted by the breach.
According to SecondFi’s investigation, the vulnerability exploited during the attack originated from a flaw in their wallet creation software. Specifically, a deterministic nonce derivation error in the software’s signer component made it possible for attackers to reconstruct private keys from public blockchain data. This severe oversight exposed users’ funds to significant risk.
Glossary: A “nonce” is a one-time-use number used in generating digital signatures. If this value is predictable or incorrectly generated, certain signature schemes can inadvertently leak private keys.
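A defender-side audit for this class of flaw, as an added example that is not SecondFi's code and not part of the original article: it groups an address's signatures by nonce commitment and flags any that recur across different messages. It assumes Ed25519 signatures laid out as R || S (the scheme Cardano uses) and that the flaw surfaces as one nonce shared by different messages, which the article does not specify; `SignedTx`, `find_nonce_reuse` and the sample records are hypothetical and constructed.

```python
from collections import defaultdict
from typing import NamedTuple


class SignedTx(NamedTuple):
    tx_id: str        # label used in the report
    pubkey: bytes     # 32-byte verification key
    message: bytes    # the bytes that were signed (e.g. a transaction body hash)
    signature: bytes  # 64 bytes: R (32) || S (32)


def find_nonce_reuse(txs):
    """Return {(pubkey_hex, R_hex): [tx_id, ...]} where one key reused R
    across different messages.

    In Ed25519, S = r + H(R, A, M) * a (mod L). A correct deterministic
    signer repeats R only when the message repeats, which is harmless.
    The same R over two different messages gives two linear equations in
    the nonce r and the secret scalar a, so the key must be treated as
    compromised.
    """
    groups = defaultdict(dict)  # (pubkey, R) -> {message: first tx_id seen}
    for tx in txs:
        if len(tx.pubkey) != 32 or len(tx.signature) != 64:
            raise ValueError(f"{tx.tx_id}: malformed key or signature length")
        r = tx.signature[:32]
        groups[(tx.pubkey, r)].setdefault(tx.message, tx.tx_id)
    return {
        (pk.hex(), r.hex()): sorted(by_msg.values())
        for (pk, r), by_msg in groups.items()
        if len(by_msg) > 1
    }


def _sig(r_byte, s_byte):
    """Constructed placeholder signature; not a valid Ed25519 signature."""
    return bytes([r_byte]) * 32 + bytes([s_byte]) * 32


KEY_A, KEY_B = b"\xaa" * 32, b"\xbb" * 32  # constructed keys
SAMPLE = [
    SignedTx("tx1", KEY_A, b"body-1", _sig(0x11, 0x01)),
    SignedTx("tx2", KEY_A, b"body-2", _sig(0x11, 0x02)),  # same R, new message
    SignedTx("tx3", KEY_A, b"body-1", _sig(0x11, 0x01)),  # resubmission of tx1: benign
    SignedTx("tx4", KEY_B, b"body-3", _sig(0x11, 0x03)),  # other key: separate group
    SignedTx("tx5", KEY_B, b"body-4", _sig(0x22, 0x04)),
]

if __name__ == "__main__":
    for (pk, r), ids in find_nonce_reuse(SAMPLE).items():
        print(f"key {pk[:8]}... reused R {r[:8]}... in {ids}")
```

Any key the check reports should be retired and its funds moved under a freshly generated key, since further signatures from it add to what an observer can use.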
SecondFi revealed that two separate actors carried out the wallet-draining operations. According to a June 25 update, the first attacker targeted 171 wallets in two waves, while a second perpetrator siphoned funds from an additional 203 wallets using a different scanning method.
The company urges affected users not to transfer their recovery phrases to another Cardano wallet. The risk, they emphasize, is rooted in the specific address-level private keys rather than in the application used. Therefore, reusing the same recovery phrase in different wallet software does not resolve the underlying security problem.
SecondFi’s latest guidance from June 26 underscores that any transaction signed from an affected address leaks enough data for attackers to reconstruct private keys. The company also advises against claiming staking rewards, noting that attackers may monitor new transactions in the mempool and target remaining balances.
Together with its parent company EMURGO, SecondFi has secured approximately 129 million ADA as an emergency containment measure. EMURGO, a prominent infrastructure and business development group within the Cardano ecosystem, says these assets will remain frozen until the recovery operation is complete.
Additionally, SecondFi has announced work on a dedicated compensation fund aimed at reimbursing those affected. The company clarified that normal operations will not resume until its systems are thoroughly audited and reauthorized by independent cybersecurity firms. For now, SecondFi remains in maintenance mode, but affected users can apply for support through official channels.
At the time of writing, ADA is trading at approximately $0.148, representing a more than 3 percent increase in the last 24 hours. Following the attack, the asset hovered around $0.15, while immediately after the news broke, it dropped nearly 2.9 percent in just one day. Compared to its early 2026 price of $0.42, ADA has lost more than 54 percent of its value since the beginning of the year.
The post 4.02 million ADA connected to SecondFi hack tracked in single wallet! What are the latest steps for Cardano holders? appeared first on COINTURK NEWS.


