SecondFi Says It Found Cause of Four ADA Theft Cases; Compensation Program Open to Affected Users

SecondFi, a project in the Cardano ecosystem, said on June 24 (UTC+8) that it has identified the underlying cause of a recent security incident and has rolled out patches for wallets not affected. The team said operations will resume shortly. SecondFi reported four unauthorized transfer events during the incident. Three were attributed to external attackers, with about 16 million ADA withdrawn from 374 addresses. To prevent additional losses while attacks were still underway, SecondFi said it executed an emergency transfer of roughly 129 million ADA to an independent third-party custodian for safekeeping. The project also engaged an external accounting firm to perform a targeted audit, aimed at supporting reconciliation and the return of assets to impacted addresses. Foresight News previously reported that SecondFi's investigation traced the issue to its proprietary Cardano web wallet address-generation software, adding that no other components were affected. Commenting on the incident, SlowMist founder Yu Xian wrote that if addresses beginning with "addr1q" are all hacker-controlled—based on observed behavior—user losses could exceed $20 million, alleging that more than 129 million ADA and other tokens were stolen. (Source: Foresight News)