Key Takeaways
- A critical security vulnerability struck SecondFi (previously Yoroi Cardano wallet) on June 23, originating from defective wallet key generation technology
- Approximately 178 wallets have been confirmed as compromised, with verified damages reaching 16 million ADA (roughly $2.4 million)
- Security analysts at SlowMist project that ultimate damages may surpass $20 million, potentially affecting up to 129 million ADA
- The platform has halted operations entirely and advised its user base of over one million to immediately transfer assets to alternative wallets
- Fraudulent schemes have emerged targeting victims, with scammers posing as official SecondFi customer service representatives
On June 23, SecondFi—the Cardano wallet service previously operating under the Yoroi brand—revealed a critical security compromise. The breach stemmed from a defect within the platform’s web-based wallet creation software that left user private keys vulnerable to exposure.
Initial analysis identified approximately 178 wallets as directly impacted by the security incident. Verified damages currently total around 16 million ADA, translating to approximately $2.4 million in value, alongside various digital tokens and non-fungible assets.
Blockchain security specialists SlowMist have presented a significantly more alarming assessment. Their analysis indicates potential damages exceeding $20 million, encompassing as many as 129 million ADA tokens. The substantial disparity between confirmed and projected losses implies numerous vulnerable wallets have yet to be exploited but remain exposed to attack.
In response to the crisis, SecondFi immediately froze customer holdings and transitioned the platform into maintenance status. With a user population exceeding one million, the service has cautioned that any wallet generated using the compromised infrastructure must be treated as potentially vulnerable.
Officials have not established a reimbursement schedule. Comprehensive security assessment findings remain unpublished.
Background: From Yoroi to SecondFi
The SecondFi rebrand occurred in April 2026, transitioning from its original Yoroi identity. Yoroi originated through Emurgo, a founding entity within the Cardano ecosystem’s core triumvirate. The wallet served as a popular lightweight solution for ADA holders seeking self-custody capabilities without operating full blockchain nodes.
The platform’s heritage amplifies the incident’s significance. Emurgo’s foundational relationship with the Cardano network means this represents more than an external vendor failure. The compromise involves infrastructure fundamentally linked to the ecosystem’s core development.
Cybersecurity analysts have identified an additional threat vector emerging from the breach. Malicious actors are now masquerading as official SecondFi support personnel. These fraudsters are distributing counterfeit recovery applications and attempting to harvest user authentication credentials.
Any individual with a history of using SecondFi or the legacy Yoroi web wallet should take immediate protective action. Security experts recommend generating fresh wallet credentials through an alternative service provider and executing immediate fund transfers.
What Happens Next
A critical uncertainty involves whether Emurgo will assume financial responsibility for affected customers. The organization has not signaled any compensation intentions. Community observers will scrutinize the entity’s response in forthcoming days.
The incident also raises fundamental trust concerns. Cardano has cultivated a substantial decentralized finance infrastructure throughout recent years. A security failure of this magnitude, connected to a founding organization, creates significant reputational challenges.
SecondFi has not communicated a restoration schedule for platform operations or committed to publishing comprehensive security audit documentation. Users continue waiting with minimal official direction beyond urgent advisories to relocate their digital assets.
