TLDR
- SecondFi, formerly the Yoroi Cardano wallet, suffered a security exploit on June 23 due to a flaw in its wallet key generation software
- Around 178 wallets were directly affected, with confirmed losses of approximately 16 million ADA (~$2.4 million)
- Blockchain security firm SlowMist estimates total potential losses could exceed $20 million, or up to 129 million ADA
- SecondFi suspended all services and urged its 1 million+ users to move funds to new wallets immediately
- Secondary scams are now targeting affected users, with fraudsters impersonating SecondFi support channels
SecondFi, the Cardano wallet formerly known as Yoroi, disclosed a security breach on June 23. The vulnerability was found in the platform’s web wallet generation software, which exposed the private keys of certain user wallets.
SlowMist: Cardano Ecosystem Project SecondFi Losses May Exceed $20 Million
SecondFi, a Cardano ecosystem project, said the root cause of its recent security incident has been traced to an issue in its proprietary Cardano wallet generation software. The team stated it has… pic.twitter.com/MrAluSOqaO
— Wu Blockchain (@WuBlockchain) June 24, 2026
Around 178 wallets were confirmed as directly affected in the initial assessment. Confirmed losses stand at roughly 16 million ADA, worth approximately $2.4 million, plus additional tokens and NFTs.
Blockchain security firm SlowMist put the potential total much higher. Its evaluation estimated losses could exceed $20 million, covering up to 129 million ADA. The gap between confirmed and estimated losses suggests many compromised wallets may not yet have been drained but remain at risk.
SecondFi responded by freezing user balances and switching to maintenance mode. The platform serves over one million users. It warned that any wallet created through its compromised software should be considered at risk.
No compensation timeline has been announced. No detailed audit results have been published.
Background: From Yoroi to SecondFi
SecondFi rebranded from Yoroi in April 2026. Yoroi was developed by Emurgo, one of the three founding organizations behind Cardano. It was a widely used light wallet for ADA holders who wanted self-custody without running a full node.
The rebrand gives the incident added weight. Emurgo’s connection to the Cardano founding team means this is not just a third-party failure. It involves infrastructure tied directly to the ecosystem’s origins.
Security researchers have flagged a second layer of risk following the breach. Scammers are now impersonating SecondFi support channels. They are offering fake recovery tools and attempting to collect credentials from affected users.
Anyone who has ever used SecondFi or the old Yoroi web wallet should act now. The recommended step is to generate new wallet keys using a different provider and transfer all funds immediately.
What Happens Next
A key question is whether Emurgo will step in to compensate affected users. The organization has not indicated plans to do so. Its response in the coming days will be watched closely by the Cardano community.
There is also the broader question of trust. Cardano has built an ecosystem of decentralized finance projects over several years. A breach of this scale, tied to one of its founding members, puts that reputation under pressure.
The platform has not shared a timeline for restoring services or releasing a full security audit. Users remain in a holding pattern with limited official guidance beyond the instruction to move their funds.
