SecondFi reported $2.4 million stolen from 374 Cardano wallets in major ADA breach

SecondFi, one of the key wallet providers in the Cardano ecosystem, has confirmed that a sophisticated security breach between June 21 and June 23, 2026, affected a total of 374 wallet addresses. The incident resulted in the theft of approximately 16 million ADA, which equates to about $2.4 million at current valuations. EMURGO, one of Cardano’s founding organizations, responded by announcing an official compensation process, stating its intent to fully reimburse all users impacted by the breach.

Scope of the attack and identification of addresses

According to company reports, the attack unfolded in four separate incidents across three automated phases. Forensic investigations traced the activity back to two distinct perpetrators. The first attacker targeted 171 wallets during the initial two waves, executing their operations in a coordinated, automated manner. The second attacker acted independently in the third phase, draining an additional 203 wallets.

For transparency, SecondFi made the associated addresses of the attackers public. The company noted that the first attacker operated three aggregation wallets and a single central fee address, all linked via the same staking key. SecondFi further reported that a flagged wallet associated with the second attacker currently holds more than 4 million ADA, and this address remains under surveillance.

Mini glossary: A staking key in the Cardano network can link multiple addresses under a single staking identity. This structure can leave significant traces in on-chain analysis, enabling investigators to establish connections between different addresses.

The company also reported that law enforcement and relevant authorities have been notified as part of the official response process. Security analysts noted that the speed and coordination of the attack point to a premeditated and multi-actor operation.

Emergency response and reimbursement process

Following the initial detection of the breach on June 22, SecondFi activated emergency response protocols. Engineering teams quickly isolated the attack vector and implemented fixes to prevent further losses. The platform was put into maintenance mode as an added precautionary measure.

SecondFi also brought in an external security firm and independent partners to conduct a thorough code-level review. The company clarified that normal operations would not resume until these assessments are completed. According to SecondFi, this strategy ensures that user safety is prioritized over operational speed.

As part of the emergency recovery efforts, approximately 129 million ADA have been secured. The company has stated that recovered assets are being held safely, and a dedicated restoration fund has been established to manage reimbursements.

Critical warnings for affected users

SecondFi and EMURGO emphasized that the compromised wallets should now be considered permanently at risk at the address and private key level. Importing a compromised seed phrase into another wallet does not resolve the underlying security issue.

Users have been urged not to independently transfer their assets or attempt to move funds from vulnerable wallets on their own, as such actions could increase the risk of further losses or exploitation. The companies advised that users should only follow the official recovery process to ensure security.

Both organizations have also reported working on a structured, verification-based claims mechanism. While the process may take some time, it is seen as essential to maintain integrity and user protection. Leaders in the Cardano community and partner organizations have also stepped in to support containment efforts in the aftermath of the breach.

The post SecondFi reported $2.4 million stolen from 374 Cardano wallets in major ADA breach appeared first on COINTURK NEWS.