Skip to content
- SecondFi says its Cardano wallet software flaw led to about 16 million ADA in losses.
- SlowMist founder says user losses could theoretically exceed $20 million after review.
- SecondFi moved 129 million ADA to third-party custody to help protect user assets.
SecondFi shares an update on flaws in its Cardano web wallet software that caused a recent security breach. The project estimated losses at about 16 million ADA across three attacker-led transfer events.
The update gave users new details on the incident. It also raised questions about the full scale of losses. SecondFi said 374 addresses were affected during the breach. The team said the transfers took place through three unauthorized events.
Also Read: SBI Launches Japan’s First Trust Bank-Backed Stablecoin JPYSC Today
SecondFi Security Review Examines Wider ADA Loss Claims
The project said it has completed its on-chain analysis. It is also working with a blockchain security firm on an independent technical review. That review is expected to verify the root cause. It will also assess the full scope of affected wallets and assets.
SecondFi said the incident was limited to its native Cardano web wallet generation software. The team said the issue did not spread beyond that component. It also said patches were deployed for wallets that were not affected. Normal operations are expected to resume shortly.
However, outside analysis suggested a larger possible impact. SlowMist founder Cos, also known as Yu Xian, said wallet activity showed user losses could theoretically exceed $20 million. His estimate involved more than 129 million ADA and other tokens. That figure has not been confirmed.
SecondFi also said it moved about 129 million ADA during the incident. The funds were sent to an independent third-party custodial institution. The project said the emergency transfer was made to protect user assets. It also aimed to reduce the risk of more losses.
SecondFi Loss Gap Remains Unclear as Review Continues
The gap between both estimates remains unresolved. SecondFi has reported losses of about 16 million ADA. Cos said fund-flow analysis points to a higher possible figure. Investigators are still reviewing hacker-linked addresses and related asset movements.
SecondFi has not released a final technical report. It has also not announced a compensation plan for affected users. The next update is expected to clarify the confirmed losses. It may also explain whether user repayment options will be considered.
Users have been advised to move assets into newly created wallets. Security teams said this step can help reduce further exposure. Users were also urged to monitor wallet activity. They were told to follow official updates and verify wallet generation tools.
SecondFi users are now waiting for the independent review. The findings are expected to confirm whether the project’s first estimate is accurate or whether the wider loss claims are supported.
Also Read: Ethereum Foundation Cuts 20% of Staff in Major Organizational Restructuring
