SecondFi says its two-week recovery plan remains on track after a $2.4 million Cardano wallet exploit that reportedly put up to $20 million in user funds at risk.
What happened in the SecondFi Cardano wallet exploit?
On June 24, SecondFi disclosed that attackers drained $2.4 million in ADA from its wallet infrastructure, with up to $20 million in additional funds initially considered at risk. The incident targeted SecondFi’s wallet layer, not the Cardano blockchain itself. For related coverage, see Coinbase and OKX Target Binance EU Users as MiCA Deadline Bites.
A wallet exploit means an attacker found a vulnerability in how SecondFi manages private keys or processes transactions on behalf of users. The underlying Cardano network continued to operate normally throughout the incident, a distinction Cardano founder Charles Hoskinson emphasized when he stated that Cardano itself was not hacked. For related coverage, see Spot Bitcoin and Ether ETFs Saw June 26 Outflows as XRP and HYPE ETFs Drew Inflows.
Hoskinson also expressed sympathy for affected users, acknowledging that some may have lost all of their ADA holdings held on the platform. The exploit adds to a string of confidence concerns around Cardano wallet security that have weighed on ADA sentiment in recent weeks.
Why SecondFi says its two-week recovery plan is still on track
SecondFi published a security incident FAQ outlining the company’s remediation steps and a two-week timeline for restoring full access and addressing affected accounts. According to SecondFi’s update, the company has contained the vulnerability and is working through a structured recovery process.
All recovery claims come from SecondFi’s own communications. No independent auditor or third party has publicly confirmed the company’s progress as of this writing. Users should treat the two-week timeline as the company’s stated target, not a verified guarantee.
The incident is a notable contrast to SecondFi’s recent partnership with Wirex on a self-custodial card product, which was designed to give users more direct control over their funds.
What this means for Cardano users and what to watch next
Current evidence suggests the exploit was isolated to SecondFi’s infrastructure. Users who hold ADA in personal wallets or through other platforms were not directly affected. The Cardano network’s consensus and transaction processing were never compromised.
Affected SecondFi users should monitor the company’s recovery updates for details on reimbursement eligibility, restored withdrawal access, and any changes to security procedures. The two-week window places the expected completion around early July.
The incident is a reminder that platform-level vulnerabilities carry different risks than blockchain-level failures. Even as projects like Base patch protocol-level bugs, custodial and semi-custodial services remain a frequent target for exploits across the industry.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.
