SecondFi Hack 2026 — $2M Exploit Analysis

Native Cardano web wallet generation software flaw drained 178+ user wallets. Formerly known as Yoroi wallet.

Details

Full Description

SecondFi, formerly the Yoroi wallet, suffered a critical flaw in its native Cardano web wallet generation software. The vulnerability allowed an attacker to derive or access private keys for user wallets. Over 178 user wallets were drained, with the project officially reporting 16 million ADA (~$2.4M) stolen. Security firm SlowMist later estimated the actual damage at approximately 129 million ADA, worth over $20 million at the time. The attacker address converted stolen ADA through USDCx. SecondFi immediately entered maintenance mode and advised users to migrate funds.

Laundering Analysis

Stolen ADA from 178+ wallets was consolidated to the attacker address addr1qxd39k4peszxlf0x59e88hngpe5u9882y2lyhdzazsq4kfvmztd2rnqyd7j7dgtjw00xsrnfc2ww5g47fw6969qptvjshwxpl3. Funds were subsequently moved through USDCx conversion, swapping ADA for USDC on Cardano-based DEX infrastructure. No major mixer usage has been publicly confirmed. SecondFi entered maintenance mode post-incident, and no freeze or recovery of the converted USDC has been reported. Cardano explorer: https://cexplorer.io/address/addr1qxd39k4peszxlf0x59e88hngpe5u9882y2lyhdzazsq4kfvmztd2rnqyd7j7dgtjw00xsrnfc2ww5g47fw6969qptvjshwxpl3

Sources

Transaction Hashes

Related Hacks

Back to Browse