Cardano wallet exploit: SecondFi traces attack to private key flaw, warns users not to restore seed phrases

ambcryptoPublicado a 2026-06-25Actualizado a 2026-06-25

Resumen

SecondFi has identified the root cause of the recent Cardano wallet exploit, which drained approximately 16 million ADA ($2.4 million) from 374 wallets. The attack stemmed from a deterministic nonce derivation flaw in its software signer, allowing attackers to mathematically reconstruct private keys from public blockchain data after transactions were signed. The company warns affected users not to restore their compromised recovery phrases into another wallet, as the vulnerability exists at the private key level, meaning addresses remain exposed. Users are advised against moving funds or withdrawing staking rewards and should instead await SecondFi's official recovery process. Emergency containment has secured around 129 million ADA pending recovery. SecondFi has launched a restoration fund, engaged external security auditors, and identified two attacker groups responsible for the automated draining campaigns between June 21 and 23. The platform remains in maintenance mode during ongoing security reviews.

SecondFi has identified the root cause of the recent exploit that targeted hundreds of Cardano wallets. It warned affected users not to restore their recovery phrases into another wallet, as the compromise occurs at the private key level rather than the wallet application itself.

In an investigation update published on June 25, the Cardano wallet provider said the attack stemmed from a deterministic nonce derivation flaw in its software signer. This allowed attackers to mathematically reconstruct private keys from publicly available blockchain data after affected addresses signed transactions.

The findings come days after the exploit drained approximately 16 million ADA, worth about $2.4 million. It affected 374 wallets across four separate wallet-draining events.

SecondFi says signing flaw exposed private keys

According to SecondFi, the vulnerability existed at the address level. This means compromised keys remain exposed even if users import the same recovery phrase into another Cardano wallet.

The company said every transaction signed by an affected address leaked sufficient information for attackers to derive that address’s private key from on-chain data.

As a result, SecondFi urged affected users not to migrate their recovery phrases to another wallet or attempt to move funds independently. It warned that compromised addresses could be drained again.

It also cautioned against withdrawing staking rewards, as such transactions could expose funds to attackers monitoring the mempool.

Instead, the wallet provider advised affected users to wait for its official recovery process while submitting claims through its support portal.

Recovery effort enters next phase

SecondFi said it has completed mapping all wallets affected during the initial exploit and has begun the next stage of its recovery program.

The company confirmed that 374 wallet addresses were impacted, with approximately 16 million ADA compromised. It added that emergency containment efforts have already secured around 129 million ADA, which is being held pending recovery operations.

SecondFi has also established a dedicated restoration fund to reimburse affected users and engaged multiple external security firms to audit its systems before resuming normal operations.

The platform remains in maintenance mode while independent security reviews continue.

Investigators identify two attacker groups

As part of its latest update, SecondFi said it had identified and isolated the blockchain addresses associated with two attackers responsible for the automated wallet-draining campaigns between June 21 and 23.

According to the investigation, one attacker drained 171 wallets across two waves. At the same time, a second actor compromised 203 wallets during a separate sweep.

The company also disclosed that approximately 4.02 million ADA linked to the exploit remains in one identified collection wallet. The wallet has been flagged and remains under active monitoring.

Final Summary

SecondFi traced the Cardano wallet exploit to a deterministic nonce-derivation flaw that enabled attackers to reconstruct private keys from public blockchain data.
The company has launched a recovery program, identified two attacker groups, and warned affected users not to restore compromised recovery phrases into other wallets.

Criptos en tendencia

CitreaCTR

wrapped stUSDTWSTUSDT

Velodrome FinanceVELODROME

BrevisBREV

ZRX（0X）ZRX

PancakeSwapCAKE

Preguntas relacionadas

QWhat was the root cause of the Cardano wallet exploit identified by SecondFi?

AThe root cause was a deterministic nonce derivation flaw in its software signer, which allowed attackers to mathematically reconstruct private keys from publicly available blockchain data after affected addresses signed transactions.

QWhy did SecondFi warn affected users not to restore their recovery phrases into another wallet?

ABecause the compromise occurs at the private key level, not the wallet application. This means the compromised keys remain exposed even if the recovery phrase is imported into a different Cardano wallet, and any funds moved to a new address from the same seed could be drained again.

QHow many wallets and what total amount of ADA were affected by the exploit according to the article?

AApproximately 374 wallet addresses were affected, with about 16 million ADA (worth around $2.4 million) compromised.

QWhat were the two main actions SecondFi advised affected users to take or avoid?

ASecondFi advised affected users to: 1) Wait for its official recovery process and submit claims through its support portal, and 2) Avoid migrating recovery phrases to another wallet, moving funds independently, or withdrawing staking rewards, as these actions could expose funds to attackers.

QWhat did SecondFi's investigation reveal about the attackers involved in the exploit?

AThe investigation identified two attacker groups. One drained 171 wallets across two waves, and a second actor compromised 203 wallets during a separate sweep. Approximately 4.02 million ADA linked to the exploit remains in one identified collection wallet.

Lecturas Relacionadas

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

Solstice and TensorX have announced a partnership to finance up to $1 billion in European sovereign AI infrastructure, including AI hardware and data-center build-out to meet EU demand for localized compute. TensorX operates a fleet of NVIDIA GPUs in EU data centers with strict data residency. Solstice, an onchain settlement protocol, will provide the financing and launch a new yield-bearing asset called aiUSX. This asset allows companies to deploy capital earmarked for future AI inference costs into infrastructure lending, generating yield while keeping funds liquid. Initially capped at $5 million, aiUSX aims to help companies offset rising AI expenses. Both companies are part of the Deus X Capital ecosystem.

TheNewsCryptoHace 59 min(s)

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

TheNewsCryptoHace 59 min(s)

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

AAVE price jumped over 15%, breaking a key resistance level after weeks of consolidation. The rally coincides with strong protocol fundamentals, as Aave generated over $40.69M in fees in the past 30 days, capturing more than 50% of the decentralized lending sector's fees. Network activity is growing, with USDT deposits on its Ethereum Core market nearing $3 billion, indicating deeper liquidity. Whale accumulation at current prices and a bullish long-term price forecast from Standard Chartered have also boosted optimism. The key challenge is whether buyers can hold the broken resistance as support to sustain the breakout momentum.

ambcryptoHace 1 hora(s)

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

ambcryptoHace 1 hora(s)

Tokenized SpaceX Stock Liquidations Show Crypto Leverage Reaching Private Markets

Tokenized SpaceX stock positions recently experienced significant liquidations, illustrating the growing risk as crypto-style leverage enters private-market equity products. This episode highlights a key tension in the tokenized asset narrative: while these products aim to democratize access to high-demand, late-stage private companies like SpaceX, pairing them with leverage transforms them into high-volatility instruments more akin to crypto derivatives than traditional equity investments. The demand for tokenized SpaceX exposure stems from its brand power, scarcity, and investor interest. However, this access does not eliminate inherent risks, including jurisdictional limits, complex redemption terms, liquidity constraints, and differences in investor rights compared to direct ownership. The incident serves as a broader warning for the tokenized real-world asset (RWA) market. For sustainable growth, platforms must establish clear rules around custody, pricing, leverage, and disclosures. Regulators are likely to scrutinize whether such products are marketed as equity access while functioning as leveraged derivatives. This story underscores ongoing market themes: increasing regulatory specificity, the integration of crypto products with traditional finance rails, and heightened sensitivity to liquidity conditions. It reinforces the need to view developments through the lens of evolving market structure, leverage, and institutional participation rather than as isolated price catalysts.

bitcoinistHace 1 hora(s)

Tokenized SpaceX Stock Liquidations Show Crypto Leverage Reaching Private Markets

bitcoinistHace 1 hora(s)

Is upcoming ‘Giga’ upgrade true driver behind SEI’s 30% rally?

SEI has rallied approximately 30% in June, decoupling from Bitcoin's recent weakness to trade around $0.058. The initial recovery was aided by a Bitcoin bounce, but SEI's continued gains are attributed to other factors. These include a short squeeze targeting liquidity pools near $0.06 and potentially the upcoming 'Giga' upgrade, which aims to improve the network's speed and privacy. The rally faces a key test at the $0.06 resistance level. Its ability to break through depends heavily on upcoming U.S. inflation data. Softer-than-expected data could renew risk-on appetite, potentially allowing SEI to flip $0.06 into support and target $0.07 (a further ~12% gain). Conversely, high inflation could trigger a risk-off mood and stall the rally. Overall, while seller exhaustion and ecosystem catalysts have fueled gains, SEI's near-term trajectory remains tied to broader market sentiment dictated by macroeconomic data.

ambcryptoHace 1 hora(s)

Is upcoming ‘Giga’ upgrade true driver behind SEI’s 30% rally?

ambcryptoHace 1 hora(s)

MIM Stablecoin Slips From Peg As Abracadabra Liquidity Stress Returns

Magic Internet Money (MIM) has again fallen below its $1 peg, renewing liquidity stress for its issuer, the Abracadabra ecosystem. This depeg puts focus on the balance within its key Curve pool, where significant imbalances can hinder arbitrage and erode confidence. The incident revives concerns about risks inherent in DeFi-native stablecoins, including collateral quality, governance, and liquidity, especially during broader market pressure. For traders, monitoring the MIM price, Curve pool dynamics, and Abracadabra's communications is crucial. While a swift return to peg would ease concerns, a persistent discount risks triggering forced position unwinds. The episode underscores that stablecoin risk extends beyond centralized issuers and serves as a data point in a market already contending with thin liquidity, regulatory scrutiny, and institutional product evolution.

bitcoinistHace 1 hora(s)

MIM Stablecoin Slips From Peg As Abracadabra Liquidity Stress Returns

bitcoinistHace 1 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar ADA

¡Bienvenido a HTX.com! Hemos hecho que comprar Cardano (ADA) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Cardano (ADA) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Cardano (ADA)Después de comprar tu Cardano (ADA), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Cardano (ADA)Tradear fácilmente con Cardano (ADA) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

1.5k Vistas totalesPublicado en 2024.12.10Actualizado en 2026.06.02

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de ADA (ADA).