EMURGO CEO Phillip Phan announced that the company has found a way to return funds to SecondFi users and plans to initiate payouts in about two weeks. According to the wallet data, the exploit affected 374 addresses, from which approximately 16 million ADA were withdrawn.
The team plans to spend the next week creating a refund mechanism and another week testing it.
SecondFi has advised users not to transfer assets and to follow only official instructions. The team specifically warned about fraudulent messages and emphasized that the service does not request private keys, seed phrases, or wallet access.
According to SecondFi, there were four incidents of fund withdrawal between June 21 and 23. In three cases, external attackers withdrew about 16 million ADA (approximately $2.4 million at the time) from 374 addresses. In the fourth incident, the team urgently transferred about 129 million ADA to an independent custodian to isolate the assets from attackers. An external audit firm is reviewing these funds.
The company also identified two attacker wallets: one linked to 171 compromised wallets and the other to 203. Approximately 4 million ADA associated with the theft are held in a flagged collection address and remain under surveillance. SecondFi reported that it has notified law enforcement agencies.
An independent report was released by Tibane Labs. According to the company, the issue was not due to nonce reuse but an Ed25519 signature error. Tibane Labs claims that on June 8, an unaudited SDK called trantor, published on npm by an independent developer, replaced the previously used verified EMURGO signature module. The company estimates that a single signed message was enough to recover the private key.
EMURGO has not published a full technical post-mortem and has not publicly responded to Tibane Labs’ findings.
The SecondFi wallet (formerly Yoroi until April) has long been a mainstay in the Cardano ecosystem. EMURGO, the company behind the application, is one of the three founding organizations of the network.
Earlier, in the second quarter of 2026, the crypto industry set a record low for the number of hacks, with 83 incidents causing total damages of $755.3 million.
