SecondFi, the Cardano based self-custody wallet and neofinance platform formerly known as Yoroi, disclosed a security vulnerability in its web wallet generation software that led to the unauthorized draining of roughly 16 million ADA, worth approximately 2.4 million dollars, from a small number of user wallets. The project placed its platform into maintenance mode on June 23 after detecting the issue, pausing front end interactions to contain the problem.
🚨 An Important Security Update from the SecondFi Team
We identified a security issue impacting a small number of Cardano wallets on our platform. We have contained the issue and paused the affected functions. Our engineering teams are actively working to restore full…
— SecondFi (@secondfiapp) June 23, 2026
According to SecondFi’s official statement, the root cause was isolated to its native Cardano web wallet generation software. The team has completed on chain analysis and is working with a leading blockchain security firm for an independent technical review. It has also taken a snapshot of user balances and is collaborating with entities including Input Output (IOG), the Cardano Foundation, and other Cardano ecosystem participants to monitor fund flows.
Security researcher Cos, co founder of SlowMist, analyzed on chain activity and estimated that total losses could exceed 20 million dollars, including over 129 million ADA and other tokens. He identified specific addresses believed to be controlled by the attacker, including addr1q8g8…ss7vuz99 and addr1qxd3…shwxpl3. Cos noted that drains appeared to continue over an extended period.
SecondFi has stated that the issue affected only a limited number of wallets created through its web interface and has urged users to remain vigilant against impersonators and scams during the maintenance period. Official support is available only through their ticket system.
SecondFi, developed by EMURGO, a founding entity of the Cardano blockchain, positions itself as a self custody platform for spending, trading, earning, and saving on Cardano. This marks a significant security incident for the wallet, which evolved from the long standing Yoroi wallet.
The incident comes at a time when the Cardano ecosystem is facing challenges. The network has recently been grappling with governance disputes and questions surrounding Charles Hoskinson’s handling of a 1,096 BTC treasury matter, adding to broader concerns among parts of the community over transparency and decision making within the ecosystem.
The community has also been divided over a proposed $52 million research funding initiative, a debate that has further highlighted disagreements over how Cardano’s resources should be allocated and how the ecosystem should prioritize future development. The network continues to see low DeFi activity with Total Value Locked (TVL) at around $85.76 million and lower trading volumes compared to leading blockchains.
The platform remains in maintenance mode while its engineering team works to restore functionality. Further updates on compensation for affected users and detailed investigation findings are expected in the coming days. The exploit also adds to a growing list of wallet security incidents across the crypto industry, following other high profile breaches that exposed weaknesses in wallet infrastructure and internal security controls.
SecondFi has not disclosed additional details on the exact number of impacted users or full recovery plans. Users with funds on the platform are advised to monitor official channels for further instructions.
