Cardano wallet exploit: SecondFi traces attack to private key flaw, warns users not to restore seed phrases

ambcryptoPubblicato 2026-06-25Pubblicato ultima volta 2026-06-25

Introduzione

SecondFi has identified the root cause of the recent Cardano wallet exploit, which drained approximately 16 million ADA ($2.4 million) from 374 wallets. The attack stemmed from a deterministic nonce derivation flaw in its software signer, allowing attackers to mathematically reconstruct private keys from public blockchain data after transactions were signed. The company warns affected users not to restore their compromised recovery phrases into another wallet, as the vulnerability exists at the private key level, meaning addresses remain exposed. Users are advised against moving funds or withdrawing staking rewards and should instead await SecondFi's official recovery process. Emergency containment has secured around 129 million ADA pending recovery. SecondFi has launched a restoration fund, engaged external security auditors, and identified two attacker groups responsible for the automated draining campaigns between June 21 and 23. The platform remains in maintenance mode during ongoing security reviews.

SecondFi has identified the root cause of the recent exploit that targeted hundreds of Cardano wallets. It warned affected users not to restore their recovery phrases into another wallet, as the compromise occurs at the private key level rather than the wallet application itself.

In an investigation update published on June 25, the Cardano wallet provider said the attack stemmed from a deterministic nonce derivation flaw in its software signer. This allowed attackers to mathematically reconstruct private keys from publicly available blockchain data after affected addresses signed transactions.

The findings come days after the exploit drained approximately 16 million ADA, worth about $2.4 million. It affected 374 wallets across four separate wallet-draining events.

SecondFi says signing flaw exposed private keys

According to SecondFi, the vulnerability existed at the address level. This means compromised keys remain exposed even if users import the same recovery phrase into another Cardano wallet.

The company said every transaction signed by an affected address leaked sufficient information for attackers to derive that address’s private key from on-chain data.

As a result, SecondFi urged affected users not to migrate their recovery phrases to another wallet or attempt to move funds independently. It warned that compromised addresses could be drained again.

It also cautioned against withdrawing staking rewards, as such transactions could expose funds to attackers monitoring the mempool.

Instead, the wallet provider advised affected users to wait for its official recovery process while submitting claims through its support portal.

Recovery effort enters next phase

SecondFi said it has completed mapping all wallets affected during the initial exploit and has begun the next stage of its recovery program.

The company confirmed that 374 wallet addresses were impacted, with approximately 16 million ADA compromised. It added that emergency containment efforts have already secured around 129 million ADA, which is being held pending recovery operations.

SecondFi has also established a dedicated restoration fund to reimburse affected users and engaged multiple external security firms to audit its systems before resuming normal operations.

The platform remains in maintenance mode while independent security reviews continue.

Investigators identify two attacker groups

As part of its latest update, SecondFi said it had identified and isolated the blockchain addresses associated with two attackers responsible for the automated wallet-draining campaigns between June 21 and 23.

According to the investigation, one attacker drained 171 wallets across two waves. At the same time, a second actor compromised 203 wallets during a separate sweep.

The company also disclosed that approximately 4.02 million ADA linked to the exploit remains in one identified collection wallet. The wallet has been flagged and remains under active monitoring.

Final Summary

SecondFi traced the Cardano wallet exploit to a deterministic nonce-derivation flaw that enabled attackers to reconstruct private keys from public blockchain data.
The company has launched a recovery program, identified two attacker groups, and warned affected users not to restore compromised recovery phrases into other wallets.

Crypto di tendenza

CitreaCTR

wrapped stUSDTWSTUSDT

Velodrome FinanceVELODROME

BrevisBREV

ZRX（0X）ZRX

PancakeSwapCAKE

Domande pertinenti

QWhat was the root cause of the Cardano wallet exploit identified by SecondFi?

AThe root cause was a deterministic nonce derivation flaw in its software signer, which allowed attackers to mathematically reconstruct private keys from publicly available blockchain data after affected addresses signed transactions.

QWhy did SecondFi warn affected users not to restore their recovery phrases into another wallet?

ABecause the compromise occurs at the private key level, not the wallet application. This means the compromised keys remain exposed even if the recovery phrase is imported into a different Cardano wallet, and any funds moved to a new address from the same seed could be drained again.

QHow many wallets and what total amount of ADA were affected by the exploit according to the article?

AApproximately 374 wallet addresses were affected, with about 16 million ADA (worth around $2.4 million) compromised.

QWhat were the two main actions SecondFi advised affected users to take or avoid?

ASecondFi advised affected users to: 1) Wait for its official recovery process and submit claims through its support portal, and 2) Avoid migrating recovery phrases to another wallet, moving funds independently, or withdrawing staking rewards, as these actions could expose funds to attackers.

QWhat did SecondFi's investigation reveal about the attackers involved in the exploit?

AThe investigation identified two attacker groups. One drained 171 wallets across two waves, and a second actor compromised 203 wallets during a separate sweep. Approximately 4.02 million ADA linked to the exploit remains in one identified collection wallet.

Letture associate

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

Solstice and TensorX have announced a partnership to finance up to $1 billion in European sovereign AI infrastructure, including AI hardware and data-center build-out to meet EU demand for localized compute. TensorX operates a fleet of NVIDIA GPUs in EU data centers with strict data residency. Solstice, an onchain settlement protocol, will provide the financing and launch a new yield-bearing asset called aiUSX. This asset allows companies to deploy capital earmarked for future AI inference costs into infrastructure lending, generating yield while keeping funds liquid. Initially capped at $5 million, aiUSX aims to help companies offset rising AI expenses. Both companies are part of the Deus X Capital ecosystem.

TheNewsCrypto44 min fa

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

TheNewsCrypto44 min fa

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

AAVE price jumped over 15%, breaking a key resistance level after weeks of consolidation. The rally coincides with strong protocol fundamentals, as Aave generated over $40.69M in fees in the past 30 days, capturing more than 50% of the decentralized lending sector's fees. Network activity is growing, with USDT deposits on its Ethereum Core market nearing $3 billion, indicating deeper liquidity. Whale accumulation at current prices and a bullish long-term price forecast from Standard Chartered have also boosted optimism. The key challenge is whether buyers can hold the broken resistance as support to sustain the breakout momentum.

ambcrypto53 min fa

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

ambcrypto53 min fa

Tokenized SpaceX Stock Liquidations Show Crypto Leverage Reaching Private Markets

Tokenized SpaceX stock positions recently experienced significant liquidations, illustrating the growing risk as crypto-style leverage enters private-market equity products. This episode highlights a key tension in the tokenized asset narrative: while these products aim to democratize access to high-demand, late-stage private companies like SpaceX, pairing them with leverage transforms them into high-volatility instruments more akin to crypto derivatives than traditional equity investments. The demand for tokenized SpaceX exposure stems from its brand power, scarcity, and investor interest. However, this access does not eliminate inherent risks, including jurisdictional limits, complex redemption terms, liquidity constraints, and differences in investor rights compared to direct ownership. The incident serves as a broader warning for the tokenized real-world asset (RWA) market. For sustainable growth, platforms must establish clear rules around custody, pricing, leverage, and disclosures. Regulators are likely to scrutinize whether such products are marketed as equity access while functioning as leveraged derivatives. This story underscores ongoing market themes: increasing regulatory specificity, the integration of crypto products with traditional finance rails, and heightened sensitivity to liquidity conditions. It reinforces the need to view developments through the lens of evolving market structure, leverage, and institutional participation rather than as isolated price catalysts.

bitcoinist54 min fa

Tokenized SpaceX Stock Liquidations Show Crypto Leverage Reaching Private Markets

bitcoinist54 min fa

Is upcoming ‘Giga’ upgrade true driver behind SEI’s 30% rally?

SEI has rallied approximately 30% in June, decoupling from Bitcoin's recent weakness to trade around $0.058. The initial recovery was aided by a Bitcoin bounce, but SEI's continued gains are attributed to other factors. These include a short squeeze targeting liquidity pools near $0.06 and potentially the upcoming 'Giga' upgrade, which aims to improve the network's speed and privacy. The rally faces a key test at the $0.06 resistance level. Its ability to break through depends heavily on upcoming U.S. inflation data. Softer-than-expected data could renew risk-on appetite, potentially allowing SEI to flip $0.06 into support and target $0.07 (a further ~12% gain). Conversely, high inflation could trigger a risk-off mood and stall the rally. Overall, while seller exhaustion and ecosystem catalysts have fueled gains, SEI's near-term trajectory remains tied to broader market sentiment dictated by macroeconomic data.

ambcrypto1 h fa

Is upcoming ‘Giga’ upgrade true driver behind SEI’s 30% rally?

ambcrypto1 h fa

MIM Stablecoin Slips From Peg As Abracadabra Liquidity Stress Returns

Magic Internet Money (MIM) has again fallen below its $1 peg, renewing liquidity stress for its issuer, the Abracadabra ecosystem. This depeg puts focus on the balance within its key Curve pool, where significant imbalances can hinder arbitrage and erode confidence. The incident revives concerns about risks inherent in DeFi-native stablecoins, including collateral quality, governance, and liquidity, especially during broader market pressure. For traders, monitoring the MIM price, Curve pool dynamics, and Abracadabra's communications is crucial. While a swift return to peg would ease concerns, a persistent discount risks triggering forced position unwinds. The episode underscores that stablecoin risk extends beyond centralized issuers and serves as a data point in a market already contending with thin liquidity, regulatory scrutiny, and institutional product evolution.

bitcoinist1 h fa

MIM Stablecoin Slips From Peg As Abracadabra Liquidity Stress Returns

bitcoinist1 h fa

Trading

Spot

Futures

Articoli Popolari

Come comprare ADA

Benvenuto in HTX.com! Abbiamo reso l'acquisto di Cardano (ADA) semplice e conveniente. Segui la nostra guida passo passo per intraprendere il tuo viaggio nel mondo delle criptovalute.Step 1: Crea il tuo Account HTXUsa la tua email o numero di telefono per registrarti il tuo account gratuito su HTX. Vivi un'esperienza facile e sblocca tutte le funzionalità,Crea il mio accountStep 2: Vai in Acquista crypto e seleziona il tuo metodo di pagamentoCarta di credito/debito: utilizza la tua Visa o Mastercard per acquistare immediatamente CardanoADA.Bilancio: Usa i fondi dal bilancio del tuo account HTX per fare trading senza problemi.Terze parti: abbiamo aggiunto metodi di pagamento molto utilizzati come Google Pay e Apple Pay per maggiore comodità.P2P: Fai trading direttamente con altri utenti HTX.Over-the-Counter (OTC): Offriamo servizi su misura e tassi di cambio competitivi per i trader.Step 3: Conserva Cardano (ADA)Dopo aver acquistato Cardano (ADA), conserva nel tuo account HTX. In alternativa, puoi inviare tramite trasferimento blockchain o scambiare per altre criptovalute.Step 4: Scambia Cardano (ADA)Scambia facilmente Cardano (ADA) nel mercato spot di HTX. Accedi al tuo account, seleziona la tua coppia di trading, esegui le tue operazioni e monitora in tempo reale. Offriamo un'esperienza user-friendly sia per chi ha appena iniziato che per i trader più esperti.

1.3k Totale visualizzazioniPubblicato il 2024.12.10Aggiornato il 2026.06.02

Discussioni

Benvenuto nella Community HTX. Qui puoi rimanere informato sugli ultimi sviluppi della piattaforma e accedere ad approfondimenti esperti sul mercato. Le opinioni degli utenti sul prezzo di ADA ADA sono presentate come di seguito.