Cardano wallet exploit: SecondFi traces attack to private key flaw, warns users not to restore seed phrases

ambcrypto2026-06-25 tarihinde yayınlandı2026-06-25 tarihinde güncellendi

Özet

SecondFi has identified the root cause of the recent Cardano wallet exploit, which drained approximately 16 million ADA ($2.4 million) from 374 wallets. The attack stemmed from a deterministic nonce derivation flaw in its software signer, allowing attackers to mathematically reconstruct private keys from public blockchain data after transactions were signed. The company warns affected users not to restore their compromised recovery phrases into another wallet, as the vulnerability exists at the private key level, meaning addresses remain exposed. Users are advised against moving funds or withdrawing staking rewards and should instead await SecondFi's official recovery process. Emergency containment has secured around 129 million ADA pending recovery. SecondFi has launched a restoration fund, engaged external security auditors, and identified two attacker groups responsible for the automated draining campaigns between June 21 and 23. The platform remains in maintenance mode during ongoing security reviews.

SecondFi has identified the root cause of the recent exploit that targeted hundreds of Cardano wallets. It warned affected users not to restore their recovery phrases into another wallet, as the compromise occurs at the private key level rather than the wallet application itself.

In an investigation update published on June 25, the Cardano wallet provider said the attack stemmed from a deterministic nonce derivation flaw in its software signer. This allowed attackers to mathematically reconstruct private keys from publicly available blockchain data after affected addresses signed transactions.

The findings come days after the exploit drained approximately 16 million ADA, worth about $2.4 million. It affected 374 wallets across four separate wallet-draining events.

SecondFi says signing flaw exposed private keys

According to SecondFi, the vulnerability existed at the address level. This means compromised keys remain exposed even if users import the same recovery phrase into another Cardano wallet.

The company said every transaction signed by an affected address leaked sufficient information for attackers to derive that address’s private key from on-chain data.

As a result, SecondFi urged affected users not to migrate their recovery phrases to another wallet or attempt to move funds independently. It warned that compromised addresses could be drained again.

It also cautioned against withdrawing staking rewards, as such transactions could expose funds to attackers monitoring the mempool.

Instead, the wallet provider advised affected users to wait for its official recovery process while submitting claims through its support portal.

Recovery effort enters next phase

SecondFi said it has completed mapping all wallets affected during the initial exploit and has begun the next stage of its recovery program.

The company confirmed that 374 wallet addresses were impacted, with approximately 16 million ADA compromised. It added that emergency containment efforts have already secured around 129 million ADA, which is being held pending recovery operations.

SecondFi has also established a dedicated restoration fund to reimburse affected users and engaged multiple external security firms to audit its systems before resuming normal operations.

The platform remains in maintenance mode while independent security reviews continue.

Investigators identify two attacker groups

As part of its latest update, SecondFi said it had identified and isolated the blockchain addresses associated with two attackers responsible for the automated wallet-draining campaigns between June 21 and 23.

According to the investigation, one attacker drained 171 wallets across two waves. At the same time, a second actor compromised 203 wallets during a separate sweep.

The company also disclosed that approximately 4.02 million ADA linked to the exploit remains in one identified collection wallet. The wallet has been flagged and remains under active monitoring.

Final Summary

SecondFi traced the Cardano wallet exploit to a deterministic nonce-derivation flaw that enabled attackers to reconstruct private keys from public blockchain data.
The company has launched a recovery program, identified two attacker groups, and warned affected users not to restore compromised recovery phrases into other wallets.

Trend Kriptolar

CitreaCTR

wrapped stUSDTWSTUSDT

Velodrome FinanceVELODROME

BrevisBREV

ZRX（0X）ZRX

PancakeSwapCAKE

İlgili Sorular

QWhat was the root cause of the Cardano wallet exploit identified by SecondFi?

AThe root cause was a deterministic nonce derivation flaw in its software signer, which allowed attackers to mathematically reconstruct private keys from publicly available blockchain data after affected addresses signed transactions.

QWhy did SecondFi warn affected users not to restore their recovery phrases into another wallet?

ABecause the compromise occurs at the private key level, not the wallet application. This means the compromised keys remain exposed even if the recovery phrase is imported into a different Cardano wallet, and any funds moved to a new address from the same seed could be drained again.

QHow many wallets and what total amount of ADA were affected by the exploit according to the article?

AApproximately 374 wallet addresses were affected, with about 16 million ADA (worth around $2.4 million) compromised.

QWhat were the two main actions SecondFi advised affected users to take or avoid?

ASecondFi advised affected users to: 1) Wait for its official recovery process and submit claims through its support portal, and 2) Avoid migrating recovery phrases to another wallet, moving funds independently, or withdrawing staking rewards, as these actions could expose funds to attackers.

QWhat did SecondFi's investigation reveal about the attackers involved in the exploit?

AThe investigation identified two attacker groups. One drained 171 wallets across two waves, and a second actor compromised 203 wallets during a separate sweep. Approximately 4.02 million ADA linked to the exploit remains in one identified collection wallet.

İlgili Okumalar

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

Solstice and TensorX have announced a partnership to finance up to $1 billion in European sovereign AI infrastructure, including AI hardware and data-center build-out to meet EU demand for localized compute. TensorX operates a fleet of NVIDIA GPUs in EU data centers with strict data residency. Solstice, an onchain settlement protocol, will provide the financing and launch a new yield-bearing asset called aiUSX. This asset allows companies to deploy capital earmarked for future AI inference costs into infrastructure lending, generating yield while keeping funds liquid. Initially capped at $5 million, aiUSX aims to help companies offset rising AI expenses. Both companies are part of the Deus X Capital ecosystem.

TheNewsCrypto44 dk önce

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

TheNewsCrypto44 dk önce

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

AAVE price jumped over 15%, breaking a key resistance level after weeks of consolidation. The rally coincides with strong protocol fundamentals, as Aave generated over $40.69M in fees in the past 30 days, capturing more than 50% of the decentralized lending sector's fees. Network activity is growing, with USDT deposits on its Ethereum Core market nearing $3 billion, indicating deeper liquidity. Whale accumulation at current prices and a bullish long-term price forecast from Standard Chartered have also boosted optimism. The key challenge is whether buyers can hold the broken resistance as support to sustain the breakout momentum.

ambcrypto53 dk önce

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

ambcrypto53 dk önce

Tokenized SpaceX Stock Liquidations Show Crypto Leverage Reaching Private Markets

Tokenized SpaceX stock positions recently experienced significant liquidations, illustrating the growing risk as crypto-style leverage enters private-market equity products. This episode highlights a key tension in the tokenized asset narrative: while these products aim to democratize access to high-demand, late-stage private companies like SpaceX, pairing them with leverage transforms them into high-volatility instruments more akin to crypto derivatives than traditional equity investments. The demand for tokenized SpaceX exposure stems from its brand power, scarcity, and investor interest. However, this access does not eliminate inherent risks, including jurisdictional limits, complex redemption terms, liquidity constraints, and differences in investor rights compared to direct ownership. The incident serves as a broader warning for the tokenized real-world asset (RWA) market. For sustainable growth, platforms must establish clear rules around custody, pricing, leverage, and disclosures. Regulators are likely to scrutinize whether such products are marketed as equity access while functioning as leveraged derivatives. This story underscores ongoing market themes: increasing regulatory specificity, the integration of crypto products with traditional finance rails, and heightened sensitivity to liquidity conditions. It reinforces the need to view developments through the lens of evolving market structure, leverage, and institutional participation rather than as isolated price catalysts.

bitcoinist54 dk önce

Tokenized SpaceX Stock Liquidations Show Crypto Leverage Reaching Private Markets

bitcoinist54 dk önce

Is upcoming ‘Giga’ upgrade true driver behind SEI’s 30% rally?

SEI has rallied approximately 30% in June, decoupling from Bitcoin's recent weakness to trade around $0.058. The initial recovery was aided by a Bitcoin bounce, but SEI's continued gains are attributed to other factors. These include a short squeeze targeting liquidity pools near $0.06 and potentially the upcoming 'Giga' upgrade, which aims to improve the network's speed and privacy. The rally faces a key test at the $0.06 resistance level. Its ability to break through depends heavily on upcoming U.S. inflation data. Softer-than-expected data could renew risk-on appetite, potentially allowing SEI to flip $0.06 into support and target $0.07 (a further ~12% gain). Conversely, high inflation could trigger a risk-off mood and stall the rally. Overall, while seller exhaustion and ecosystem catalysts have fueled gains, SEI's near-term trajectory remains tied to broader market sentiment dictated by macroeconomic data.

ambcrypto1 saat önce

Is upcoming ‘Giga’ upgrade true driver behind SEI’s 30% rally?

ambcrypto1 saat önce

MIM Stablecoin Slips From Peg As Abracadabra Liquidity Stress Returns

Magic Internet Money (MIM) has again fallen below its $1 peg, renewing liquidity stress for its issuer, the Abracadabra ecosystem. This depeg puts focus on the balance within its key Curve pool, where significant imbalances can hinder arbitrage and erode confidence. The incident revives concerns about risks inherent in DeFi-native stablecoins, including collateral quality, governance, and liquidity, especially during broader market pressure. For traders, monitoring the MIM price, Curve pool dynamics, and Abracadabra's communications is crucial. While a swift return to peg would ease concerns, a persistent discount risks triggering forced position unwinds. The episode underscores that stablecoin risk extends beyond centralized issuers and serves as a data point in a market already contending with thin liquidity, regulatory scrutiny, and institutional product evolution.

bitcoinist1 saat önce

MIM Stablecoin Slips From Peg As Abracadabra Liquidity Stress Returns

bitcoinist1 saat önce

İşlemler

Spot

Futures

Popüler Makaleler

ADA Nasıl Satın Alınır

HTX.com’a hoş geldiniz! Cardano (ADA) satın alma işlemlerini basit ve kullanışlı bir hâle getirdik. Adım adım açıkladığımız rehberimizi takip ederek kripto yolculuğunuza başlayın. 1. Adım: HTX Hesabınızı OluşturunHTX'te ücretsiz bir hesap açmak için e-posta adresinizi veya telefon numaranızı kullanın. Sorunsuzca kaydolun ve tüm özelliklerin kilidini açın. Hesabımı Aç2. Adım: Kripto Satın Al Bölümüne Gidin ve Ödeme Yönteminizi SeçinKredi/Banka Kartı: Visa veya Mastercard'ınızı kullanarak anında Cardano (ADA) satın alın.Bakiye: Sorunsuz bir şekilde işlem yapmak için HTX hesap bakiyenizdeki fonları kullanın.Üçüncü Taraflar: Kullanımı kolaylaştırmak için Google Pay ve Apple Pay gibi popüler ödeme yöntemlerini ekledik.P2P: HTX'teki diğer kullanıcılarla doğrudan işlem yapın.Borsa Dışı (OTC): Yatırımcılar için kişiye özel hizmetler ve rekabetçi döviz kurları sunuyoruz.3. Adım: Cardano (ADA) Varlıklarınızı SaklayınCardano (ADA) satın aldıktan sonra HTX hesabınızda saklayın. Alternatif olarak, blok zinciri transferi yoluyla başka bir yere gönderebilir veya diğer kripto para birimlerini takas etmek için kullanabilirsiniz.4. Adım: Cardano (ADA) Varlıklarınızla İşlem YapınHTX'in spot piyasasında Cardano (ADA) ile kolayca işlemler yapın.Hesabınıza erişin, işlem çiftinizi seçin, işlemlerinizi gerçekleştirin ve gerçek zamanlı olarak izleyin. Hem yeni başlayanlar hem de deneyimli yatırımcılar için kullanıcı dostu bir deneyim sunuyoruz.

1.4k Toplam GörüntülenmeYayınlanma 2024.12.10Güncellenme 2026.06.02

Tartışmalar

HTX Topluluğuna hoş geldiniz. Burada, en son platform gelişmeleri hakkında bilgi sahibi olabilir ve profesyonel piyasa görüşlerine erişebilirsiniz. Kullanıcıların ADA (ADA) fiyatı hakkındaki görüşleri aşağıda sunulmaktadır.