SecondFi, previously linked to the Yoroi wallet, has halted services following a critical security flaw in its proprietary web-based wallet generation software. The vulnerability reportedly exposed private keys, leading to a significant theft of ADA tokens. Initial reports estimate losses of 16 million ADA (~$2.4M) from 374 wallets, while security firm SlowMist warns the broader impact could exceed 129 million ADA (over $20M). Crucially, the incident was confined to SecondFi's software; the Cardano blockchain protocol itself was not compromised. The core issue involves insecure private key generation, allowing attackers access to affected wallets. A primary warning for users is to avoid restoring compromised seed phrases into other wallets, as this would not resolve the underlying key exposure. Users are also cautioned against unverified recovery links or third-party refund platforms. The situation underscores that blockchain security extends beyond the protocol layer to include wallet software and key management. The community awaits a full post-mortem and confirmation of the final impact.
bitcoinist3天前




