SecondFi, the EMURGO-backed Cardano wallet platform, disclosed a critical security flaw in its native web wallet-generation software on June 23, 2026 – and the damage estimates are still climbing.
ADA is trading at approximately $0.15 at press time, down nearly 3% in 24 hours, compounding losses after the token fell below $0.20 in June and sits near multi-year lows.
The central question this incident raises is whether the SecondFi crypto hack is contained at the application layer or whether the reputational fallout from a flagship Cardano wallet bleeds into a prolonged suppression of the ADA price?
Hoskinson Breaks Silence On SecondFi Exploit
Cardano founder Charles Hoskinson (@IOHK_Charles) called the Cardano project, SecondFi hack "the unfortunate reality of crypto."
He acknowledged the losses may seem small compared to other hacks. But he said that brings no comfort… https://t.co/2ru5d74Ics pic.twitter.com/hU30okXfQV
— BSCN (@BSCNews) June 24, 2026
What Broke And Why It’s Worse Than a Typical Exploit
Most crypto security incidents trace to smart contract bugs or front-end phishing. The SecondFi breach is neither. The vulnerability sits inside the platform’s native Cardano web wallet-generation software – the system that creates wallets and derives the private keys that control funds.
Think of it like a locksmith whose key-cutting machine was secretly producing duplicate keys. Every lock made through that machine is compromised, regardless of how securely the customer stored their copy.
Blink Labs, a Cardano infrastructure firm, warned publicly that any wallet generated through the affected flow should be treated as unsafe and advised users to migrate to a different wallet immediately.
SecondFi said it has isolated the root cause. “We have isolated the root cause of the recent security incident. The issue was confined to our native Cardano web wallet generation software,” the project team said in its security update.
The platform paused all front-end activity, entered maintenance mode, and commissioned an independent technical review with a blockchain security firm.
Cardano News: Two Loss Figures, One Growing Concern
Cardano's wallet SecondFi has been exploited for potentially $20,000,000.$ADA dropped to its lowest level since December 2020 after this. pic.twitter.com/LiXBrplnI9
— Ted (@TedPillows) June 24, 2026
SecondFi’s preliminary on-chain analysis puts the total affected at approximately 16 million ADA. That figure, at current prices, represents roughly $2.4M, serious, but arguably containable for a platform backed by EMURGO, the commercial arm of the Cardano ecosystem.
SlowMist, the blockchain security firm, tells a different story. Yu Xian (known publicly as Cos), founder of SlowMist, tracked two Cardano addresses he identified as suspected attacker wallets and said the picture is significantly larger.
“The users of this wallet have likely lost over $20M,” Cos said, noting the possible loss may involve more than 129 million ADA and other tokens.
He said on-chain transaction patterns suggested the attacker obtained a batch of mnemonic phrases or private keys and moved funds over many hours, draining larger wallets first before working down to smaller ones.
On-chain community trackers have identified around 178 affected wallets, with suspicious transactions concentrated in the June 21–22 window. No stolen funds have been recovered. SecondFi has not yet published a final technical report or a compensation framework.
DISCOVER: Best Meme Coin ICOs to Invest in 2026
SecondFi’s History Makes This Hit Harder
SecondFi is the direct successor to Yoroi, the self-custody Cardano wallet that EMURGO originally launched and positioned as the ecosystem’s primary retail entry point.
When EMURGO rebranded the product as SecondFi, expanding its mandate to spending, trading, earning, and saving, it was listed in Cardano’s official app catalog. This is not a fringe third-party tool. It is a flagship product with institutional backing.
That provenance matters for the broader Cardano crypto security narrative. Ecosystem damage from wallet-layer exploits on other chains has historically been more persistent when the compromised product carried official endorsement.
The Bo Shen $42M wallet hack, which SlowMist later linked to a compromised mnemonic seed phrase, showed how exposure of a seed phrase creates recovery problems that outlast the initial incident.
For context on how the Cardano network itself has evolved during this period of pressure, the recent Van Rossem hard fork mainnet decision signals that protocol-level development continues independently of the wallet-layer crisis.
EXCLUSIVE: Earn $10 USDC Via Binance Sign-Up
Cardano Price Prediction: Three Scenarios
ADA’s technical position is fragile. The token has shed roughly 12% over the past seven days according to press-time data, and the $0.15 level represents territory last visited during the 2023 bear market trough. Here is how the path forward splits depending on how the SecondFi audit resolves:
- Bull case: The independent audit confirms SecondFi’s lower estimate of 16 million ADA affected; a compensation plan is announced within weeks; and on-chain data show the suspected attacker addresses are not actively selling. ADA retests the $0.20 level as the narrative pivots to ‘contained app-layer incident, chain unaffected.’ The Cardano protocol itself has not been implicated in the flaw.
- Base case: The audit lands somewhere between the two estimates, SecondFi publishes a partial compensation framework, and ADA consolidates in the $0.13–$0.17 range for several weeks while the market waits for confirmation that attacker wallets are dormant. Recovery is slow but not blocked.
- Bear case: SlowMist’s 129 million ADA figure is validated, attacker addresses begin distributing funds to exchanges, and no credible compensation plan emerges from EMURGO or SecondFi. Combined with existing governance disputes and the lack of a broader market catalyst, ADA tests the $0.10 level. The reputational damage to the ecosystem’s flagship self-custody tool deters new retail inflows.
The North Korea-linked crypto theft pattern documented at the G7 Evian summit illustrates how state-level actors exploit wallet-layer vulnerabilities across multiple chains, a reminder that wallet exploits carry contagion risk beyond any single ecosystem.
EXPLORE: Best Crypto Presales With Asymmetric Upside in the Current Market
The post SecondFi Hack Puts Up to 129M ADA at Risk: What It Means for Cardano appeared first on 99Bitcoins.
