Around 16 million ADA, worth $2.4 million, was drained from Cardano wallets after an exploit hit SecondFi, a self-custody platform. The incident, disclosed on March 27, targeted the platform's wallet generation software, prompting immediate security measures.
Incident and Response
SecondFi alerted users on X about a security issue affecting a small number of wallets. The platform contained the breach, paused front-end interactions, and entered maintenance mode. An update identified the root cause as a flaw in its native Cardano web wallet generation software.
Impact and Warnings
SecondFi stated it took "extraordinary steps to protect remaining assets where possible," suggesting some users may not recover losses. The firm is conducting an on-chain analysis and finalizing an independent review with a blockchain security firm. Blink Labs, a software developer, warned that all wallets generated by SecondFi are unsafe and advised users to switch wallets immediately.