Finst

Major Security Breach at Cardano Project SecondFi Leads to Millions in Losses

The damage could climb above $20 million, while Cardano itself was not affected. An investigation should show exactly how many wallets were hit.

By Zenz van der Wielen
• 2 min read
Major Security Breach at Cardano Project SecondFi Leads to Millions in Losses

Key Takeaways

  • SecondFi, a Cardano project, was hit by a security breach in its own wallet generation software.
  • Estimates range from 16 million ADA to more than 129 million ADA, with possible losses above $20 million.
  • The Cardano protocol itself was not affected; users and developers could lose trust and liquidity.

SecondFi, a project in the Cardano ecosystem, has been hit by a serious security breach tied to a vulnerability in its own wallet generation software. Estimates of the damage range from 16 million ADA to more than 129 million ADA, along with other tokens in the affected wallets. These losses could climb above $20 million, according to analysis firm SlowMist.

Causes and Scope of the Exploit

The vulnerability was in the software SecondFi uses to generate wallets, which let attackers get access to the private keys of multiple users. The key point is that the Cardano protocol itself was not affected, the flaw was in the software layer on top of it. SecondFi carried out an on-chain analysis to map out the size of the affected addresses and is now working with an independent security firm on a technical review.

SecondFi's internal estimate puts losses at about 16 million ADA, but SlowMist says the impact is much bigger. According to founder Yu Xian, more than 129 million ADA and other tokens were moved through the attacker's addresses. That gap will likely only become clear after the independent investigation is finished.

Impact on Cardano and Users

ADA is currently trading around $0.15 (€0.13) and recently fell 3%, partly under pressure from this incident. Cardano is already at a five-year low, and the breach adds another challenge for the ecosystem, which recently launched the Leios Musashi Dojo testnet. The hack could hurt trust among developers and investors, which may affect the network's growth and liquidity.

Charles Hoskinson, founder of Cardano, acknowledged the impact and stressed that while the loss may seem relatively small compared with other crypto exploits, it can still be devastating for the affected users. Some users may have lost their entire ADA holdings, which Hoskinson said is a harsh reality in the industry.

SecondFi has not yet shared a clear recovery plan or repayment timeline. The outcome of the ongoing technical review will determine whether any of the stolen funds can be recovered, and what changes are needed to make the wallet infrastructure safer.

Why This Matters for European Crypto Users

This event highlights how important secure wallet generation is, and the risk that software bugs can pose in the infrastructure layer of crypto projects. European users who use SecondFi wallets should consider moving their assets to wallets from other providers, since wallets created with the vulnerable software may still be at risk. The incident also shows the need for stricter security measures and more caution when using crypto wallets in the European market.

Disclaimer: This content is for informational purposes only and does not constitute financial, investment, legal, or tax advice. The information provided may be incomplete, inaccurate, or outdated and should not be relied upon as such. Nothing on this website should be considered a recommendation to buy, sell, or hold any cryptocurrency. Investing in crypto-assets involves risk of loss.