exploit
SecondFi suspends services after wallet-keygen flaw drains 16M ADA
SecondFi disclosed a key-generation bug in its web wallet on June 23 that let attackers drain ~16M ADA from 178 users; SlowMist puts total exposure at up to 129M ADA.
SecondFi, the Cardano self-custody platform formerly branded Yoroi, disclosed a critical flaw in its web wallet generator on June 23, 2026 and put every service into maintenance mode. The team has confirmed roughly 16 million ADA (~$2.4M at the time of disclosure) drained from 178 user wallets. Blockchain security firm SlowMist, retained for the post-mortem, says the underlying defect — predictable randomness in the seed/key derivation path — could have exposed up to 129 million ADA (~$20M) across every account ever generated through the affected code path.
The breach is the largest Cardano-ecosystem incident of 2026 by user count and lands two months after EMURGO formally rebranded Yoroi to SecondFi at Money20/20 Bangkok (April 22, 2026 announcement on cardano.org).
What happened
SecondFi disclosed the incident on June 23, 2026, after attackers began moving ADA, Cardano native tokens, and NFTs out of user wallets en masse. The platform suspended services, took a snapshot of balances, and routed users toward alternative wallets. (EMURGO's press release on the Yoroi → SecondFi rebrand sets the platform context; SecondFi's own incident statement is cited here through the secondary outlets listed under Sources.)
SlowMist's preliminary analysis traces the breach to SecondFi's proprietary web wallet generation software, which produced root cryptographic material with insufficient entropy. Every wallet derived from that generator shares a deterministically guessable seed space, so an attacker who reverse-engineers the generator can recompute private keys for any wallet it ever produced, regardless of whether the user is online, has signed a transaction recently, or has interacted with a malicious dapp.
This is not a smart-contract bug. It is a client-side cryptography bug. The chain itself is unaffected; only the keys that touched the vulnerable code path are.
Mechanism — why a keygen flaw drains every wallet at once
A Cardano (CIP-1852) HD wallet is generated from a BIP-39 mnemonic. If the generator's randomness source is predictable, the mnemonic itself is predictable. The attacker doesn't need access to the user's device, a phishing site, or a leaked seed phrase; they need only the algorithm and a bound on its seed space. Each candidate seed can be checked entirely offline by deriving its addresses and matching them against funded addresses on the public ledger. Once the seed is recovered, the entire derivation tree (payment, staking, governance keys) falls with it.
That is the failure mode SlowMist describes: a single source of entropy, weakly seeded, applied to every wallet the web app ever generated. Mobile and hardware-wallet flows that did not route through the same code path are not affected. SecondFi has not yet published the exact code range, version numbers, or commit affected — the audit is mid-flight.
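To make the mechanism concrete, the following is an added illustration, not SecondFi, Yoroi or SlowMist code; the flawed generator it models (a non-cryptographic PRNG seeded from the wallet-creation timestamp) is a hypothetical, since SecondFi has not published its actual entropy source. The block encodes entropy into BIP-39 word indices exactly as the spec does (checksum bits appended, 11-bit groups), then shows an attacker who knows only the generator and the day a wallet was created recovering the victim's entropy from a public fingerprint, while the same search against CSPRNG entropy finds nothing. The fingerprint function is a stand-in for an on-chain address; the real PBKDF2/CIP-1852 derivation is equally deterministic, so swapping it in would not change the search.

```python
"""Weak-entropy wallet generation vs. a CSPRNG, and the recovery it enables.
Added illustration, not SecondFi/Yoroi code. The weak generator is a
hypothetical model (MT19937 seeded from a wallet-creation timestamp)."""
import hashlib
import random
import secrets
from typing import Optional

ENT_BYTES = 16  # 128-bit entropy -> 12-word BIP-39 mnemonic


def entropy_to_word_indices(entropy: bytes) -> list[int]:
    """BIP-39 encoding: append ENT/32 checksum bits taken from SHA-256(entropy),
    then split the result into 11-bit groups; each group indexes the 2048-word
    list. Indices are returned instead of words so no wordlist is embedded.
    The checksum is a function of the entropy, so it adds no secrecy; it only
    catches transcription errors."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                       # 4 bits for 128-bit entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def weak_entropy(creation_ts: int) -> bytes:
    """Hypothetical flawed generator: Python's MT19937 (random.Random) seeded
    from the creation timestamp. At most ~2^32 distinct outputs, and far fewer
    if the attacker can bound when the wallet was created."""
    rng = random.Random(creation_ts)
    return rng.getrandbits(ENT_BYTES * 8).to_bytes(ENT_BYTES, "big")


def strong_entropy() -> bytes:
    """What a wallet must do instead: draw entropy from the OS CSPRNG."""
    return secrets.token_bytes(ENT_BYTES)


def public_fingerprint(entropy: bytes) -> str:
    """Stand-in for anything publicly visible that is a deterministic function
    of the seed (address, public key). Real wallets run PBKDF2 and HD key
    derivation here; that is deterministic too, so the search is unchanged."""
    return hashlib.sha256(b"fingerprint|" + entropy).hexdigest()


def recover_entropy(target_fp: str, window_start: int, window_len: int) -> Optional[bytes]:
    """Attacker side: knows the generator, guesses the creation window, and
    recomputes every candidate until one fingerprint matches the victim's."""
    for ts in range(window_start, window_start + window_len):
        cand = weak_entropy(ts)
        if public_fingerprint(cand) == target_fp:
            return cand
    return None


def demo(creation_ts: int = 1_750_000_000 + 43_210) -> dict:
    """Constructed scenario: a victim wallet made at creation_ts; the attacker
    knows only which UTC day it was created on (an 86,400-candidate window)."""
    day = 86_400
    window_start = creation_ts - creation_ts % day
    victim = weak_entropy(creation_ts)
    recovered = recover_entropy(public_fingerprint(victim), window_start, day)
    safe = strong_entropy()
    not_recovered = recover_entropy(public_fingerprint(safe), window_start, day)
    return {
        "victim_word_indices": entropy_to_word_indices(victim),
        "weak_recovered": recovered == victim,
        "strong_recovered": not_recovered is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the weak wallet recovered and the CSPRNG wallet not. Even without a creation-time bound, a 32-bit seed space is ~4.3 billion candidates, which is within reach of commodity hardware; the only thing that stops the search is entropy the attacker cannot enumerate, which is why the fix is the entropy source, not a new derivation scheme on top of the same seed.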
On-chain trail
SlowMist has tagged at least two attacker-controlled Cardano addresses associated with the drains, used to consolidate the stolen ADA. Both are short-form addr1q… strings published in SlowMist's preliminary write-up; full strings are pending the firm's formal post-mortem. We will update once the addresses are published in canonical form, so they can be cross-checked against cardanoscan.io without typo risk.
Numbers block
- Disclosure date: 2026-06-23 (UTC)
- Wallets confirmed drained: 178
- ADA confirmed drained: ~16,000,000 ADA (~$2.4M at disclosure-time price)
- ADA at potential risk: up to ~129,000,000 ADA (~$20M, SlowMist estimate)
- Vulnerable component: SecondFi web wallet generator (key/seed derivation)
- Audit firm: SlowMist (post-mortem in progress)
- Rebrand (Yoroi → SecondFi): 2026-04-22 (Money20/20 Bangkok)
- Parent entity: EMURGO (one of Cardano's three founding entities)
USD figures use the ADA spot reference cited in Cryptobriefing's first-day write-up and its follow-up on the SlowMist estimate. They are disclosure-time references, not predictions; we will not restate them as the price moves.
Impact and coordination
SecondFi says it is coordinating with Input Output Global (IOG), the Cardano Foundation, IntersectMBO, and SundaeSwap on user assistance. No reimbursement program has been announced; no timeline for one has been given. The company has not commented on whether wallets generated by the legacy Yoroi web client (pre-rebrand) share the affected derivation path — that is the single question that decides whether the upper bound is 178 users or every web-generated Yoroi user since 2018.
A wave of impersonation scams is already targeting affected users with fake recovery tools and bogus support DMs. The standard rule applies: nothing legitimate asks for a seed phrase.
What to watch
- SecondFi's full incident post-mortem — the audit scope, version range, and disclosure of the entropy source. Until that lands, the at-risk-user count is undefined.
- Whether legacy Yoroi web-generated wallets are in scope. Yoroi shipped from 2018 through the April 2026 rebrand. The pre-rebrand web client and SecondFi's web generator may share code.
- The two SlowMist-tagged attacker addresses in full form, so the drain path and any bridge/CEX hops are publicly traceable on cardanoscan.
- EMURGO's posture on compensation. EMURGO is one of Cardano's three founding entities; a non-response carries governance weight beyond the wallet's user base.
- Whether the entropy bug touches SecondFi's spending/staking integrations (Visa card, swap flows) introduced as part of the neofinance rebrand, or only the wallet generator itself.
Context — Cardano's worst wallet incident in years, not its first key-handling story
Cardano's smart-contract surface has been comparatively quiet versus EVM chains in 2026, but today's disclosure puts SecondFi alongside two earlier client-side key-handling incidents in the wider ecosystem: the Trust Wallet "Wallet Core" entropy bug disclosed in April 2023 (browser-extension wallets generated with weak randomness) and the Atomic Wallet drains of June 2023 (root cause never definitively published). Trust Wallet and SecondFi share the same shape, client-side randomness that wasn't; Atomic is widely suspected of it but unconfirmed.
For ecosystem context on Cardano's ongoing governance bandwidth, see our prior coverage of the IOG vision vote's 86.7% no and the Van Rossem PV11 hard-fork vote. The Foundation and IOG are now arbitrating both a treasury-funding rejection and an emergency wallet-vendor breach in the same fortnight.
What other outlets missed
Most write-ups stop at the 16M ADA figure. The number that matters for the next 30 days is how far back the affected derivation path goes, and whether Yoroi's pre-April-2026 web client shares it. If it does, the at-risk wallet population is years of users, not weeks. SecondFi has not yet answered that question. Until they do, the right reading is: assume any wallet you ever generated through the Yoroi/SecondFi web interface is potentially compromised, and migrate. Migrating means generating a fresh mnemonic with a different, trusted generator (ideally a hardware wallet) and moving funds to it; importing the old mnemonic into another wallet app changes nothing, because the seed itself is what is compromised.
Sources:
- Cryptobriefing — first-day write-up: 178 wallets, ~$2.4M drained (primary secondary source).
- Cryptobriefing — SlowMist post-mortem context: up to $20M exposed (cross-check).
- Cardano.org — Yoroi → SecondFi rebrand announcement, April 22, 2026 (primary, rebrand timing).
- EMURGO — Yoroi Wallet is Evolving Into SecondFi: What You Need to Know (primary, parent entity).