EMURGO, a co-founding entity of the Cardano blockchain, announced on Saturday it had identified a recovery solution for users of its SecondFi wallet, following an exploit that drained approximately $2.4 million worth of ADA between June 21 and 23. CEO Phillip Pon stated the company completed its forensic investigation and validated wallet balances, setting a two-week timeline for returning funds — one week to build the recovery mechanism and a second to test it. The breach affected 374 addresses and stemmed from what the company described as an address-level flaw in wallet-generation software that exposed users' private keys. EMURGO is one of three founding organizations of the Cardano network, and SecondFi is the rebranded version of the Yoroi wallet launched in April.
In a statement posted to X, Pon told affected users not to move funds or take steps outside SecondFi's official guidance, saying the recovery is being built around the current state of the compromised wallets. He added that no step requiring user participation had started, and that SecondFi would never ask for private keys, seed phrases, or wallet access. The Saturday post is the first time the company has attached a concrete timeline to the recovery. It has not yet published a full technical postmortem, given per-user recovery amounts, or detailed how users will claim funds.
SecondFi described four large outflows between June 21 and 23. Three were drains by external attackers, who took about 16 million ADA, roughly $2.4 million at the time, from 374 addresses. In the fourth, SecondFi said it moved about 129 million ADA to an independent third-party custodian as an emergency measure to keep the funds out of the attackers' reach. It said an external accounting firm has been engaged to verify those holdings, and that affected users can file claims through its support site.
The company said it identified two attacker wallets, one of which drained 171 wallets and the other 203, and that about 4 million ADA tied to the theft sits in a flagged collection address under monitoring. It said it has notified law enforcement.
SecondFi has blamed an address-level flaw in its wallet-generation software that exposed users' private keys. It has warned that restoring an affected recovery phrase in another wallet does not remove the risk: the exposure happens at signing time, so a key that has already signed a transaction from a compromised address stays compromised no matter where the phrase is restored later.
Tibane Labs published a forensic report on the incident on Saturday. Tibane Labs is developing its own wallet, and its findings track public claims made earlier on X by Mark Karpelès, the former Mt. Gox chief executive who is part of that team, meaning its analysis comes from a competing party.
Tibane said the breach was not caused by nonce reuse but by an Ed25519 signing error. According to the report, the wallet's signer dropped the per-key secret prefix that the standard hashes together with the message to derive each signature's nonce, so the value that is supposed to be secret was computed from public transaction data alone. That left it derivable by anyone and made a single signature enough to reconstruct the private key, with no second transaction or statistical attack required.
Tibane said the vulnerable signer was an experimental, unaudited SDK called trantor, published to npm by an independent developer, that replaced EMURGO's previously shipped and audited build on June 8. The first compromised signature appears onchain that same day, according to the report. Tibane said the underlying cryptographic library was sound and that the fault lay in how the wallet wired the key into it, leaving the secret nonce material unset. It said it decompiled the signed Android build, matched it to the trantor code, and recovered victim private keys from historical signatures to confirm the mechanism.
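The mechanism Tibane describes, shown as an added illustration. This is not code from the article, from trantor or from EMURGO; it is a compact pure-Python Ed25519 following the RFC 8032 arithmetic, with a signer flag that models leaving the secret prefix unset, the attacker-side recovery of the signing scalar from one such signature, and a forgery made with the recovered scalar. The transaction strings are constructed sample inputs, not real Cardano transactions, and the code is slow and not constant-time, so it is for reading, not for use.

```python
"""Toy Ed25519 (RFC 8032 arithmetic, pure Python, not constant-time): nonce-prefix leak demo."""
import hashlib
import os

P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # order of the base point
D = (-121665 * pow(121666, -1, P)) % P                 # twisted Edwards constant

def point_add(p1, p2):
    """Affine addition on -x^2 + y^2 = 1 + D x^2 y^2 (short, not fast)."""
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P)
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P)
    return (x3 % P, y3 % P)

def scalar_mult(k, pt):
    acc = (0, 1)                                       # neutral element
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def encode_point(pt):
    x, y = pt
    return int.to_bytes(y | ((x & 1) << 255), 32, "little")

def decode_point(b):
    y = int.from_bytes(b, "little")
    x_sign, y = y >> 255, y & ((1 << 255) - 1)
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)                       # sqrt for p = 5 mod 8
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    if (x * x - x2) % P:
        raise ValueError("point not on curve")
    return (P - x if (x & 1) != x_sign else x, y)

B = decode_point(int.to_bytes(4 * pow(5, -1, P) % P, 32, "little"))  # base point, y = 4/5

def h_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def expand_seed(seed):
    """RFC 8032 5.1.5: h = SHA-512(seed); clamp h[:32] into the scalar a and
    keep h[32:] as the secret prefix that must feed every nonce."""
    h = bytearray(hashlib.sha512(seed).digest())
    h[0] &= 248
    h[31] &= 127
    h[31] |= 64
    return int.from_bytes(h[:32], "little"), bytes(h[32:])

def public_key(seed):
    return encode_point(scalar_mult(expand_seed(seed)[0], B))

def sign(seed, msg, drop_prefix=False):
    """drop_prefix=False is the correct signer; drop_prefix=True models the reported
    fault: the prefix never reaches the nonce hash, so r depends on the message alone."""
    a, prefix = expand_seed(seed)
    A = encode_point(scalar_mult(a, B))
    r = h_int(b"" if drop_prefix else prefix, msg) % L
    R = encode_point(scalar_mult(r, B))
    k = h_int(R, A, msg) % L
    return R + int.to_bytes((r + k * a) % L, 32, "little")

def verify(pubkey, msg, sig):
    R, S = sig[:32], int.from_bytes(sig[32:], "little")
    k = h_int(R, pubkey, msg) % L
    return scalar_mult(S, B) == point_add(decode_point(R), scalar_mult(k, decode_point(pubkey)))

def recover_scalar(pubkey, msg, sig):
    """Attacker side, one faulty signature: recompute r = SHA-512(msg) mod L,
    then a = (S - r) * k^-1 mod L. No second signature, no statistics."""
    R, S = sig[:32], int.from_bytes(sig[32:], "little")
    r = h_int(b"", msg) % L
    k = h_int(R, pubkey, msg) % L
    return (S - r) * pow(k, -1, L) % L

def forge(a, pubkey, msg):
    """Holding a, sign anything; verifiers never check how r was derived."""
    r = h_int(os.urandom(32), msg) % L
    R = encode_point(scalar_mult(r, B))
    k = h_int(R, pubkey, msg) % L
    return R + int.to_bytes((r + k * a) % L, 32, "little")

def demo(seed=None):
    seed = seed or os.urandom(32)
    pk = public_key(seed)
    tx1, tx2 = b"tx: victim -> merchant, 5 ADA", b"tx: victim -> attacker, all ADA"  # constructed
    bad_sig = sign(seed, tx1, drop_prefix=True)
    a = recover_scalar(pk, tx1, bad_sig)               # a mod L, enough to sign
    return {
        "faulty_sig_accepted": verify(pk, tx1, bad_sig),
        "key_recovered": a == expand_seed(seed)[0] % L,
        "forgery_accepted": verify(pk, tx2, forge(a, pk, tx2)),
        "correct_sig_resists": recover_scalar(pk, tx1, sign(seed, tx1)) != a,
    }
```

Calling demo() returns four booleans, all True: the defective signature is a fully valid Ed25519 signature (verification never checks how the nonce was derived, which is why such signatures pass on-chain), the scalar recovered from it equals the real key modulo L, a forged transfer signed with that scalar verifies, and the same recovery run against a correctly prefixed signature yields garbage. Tibane's point that the library itself was sound shows up here as well: every primitive above is standard, and the only difference between the safe and the broken signer is what is fed into the nonce hash.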
EMURGO has not published a technical postmortem and has not publicly addressed Tibane's attribution to a third-party SDK. Separately, security researcher Taylor Monahan said this week that SecondFi "rolled their own crypto" and that the software was closed source and unaudited.
Yoroi served as Cardano's main lightweight wallet for years before the SecondFi rebrand in April. Tibane framed the episode less as a coding error than as a governance failure, arguing that a founding entity shipped unaudited code to production in place of an audited build, without an independent review or a test that would have caught the flaw.
By Tibane's measure, only signatures made from June 8 onward are exposed, and transactions signed before that date used the audited implementation.
What happened to SecondFi wallet users between June 21 and 23?
External attackers drained approximately $2.4 million worth of ADA from 374 addresses across three separate events. EMURGO moved an additional 129 million ADA to a third-party custodian as an emergency measure.
When did EMURGO announce a timeline for returning funds?
EMURGO CEO Phillip Pon announced on Saturday that the company had identified a recovery solution and set a two-week timeline — one week to build the recovery mechanism and a second to test it before returns begin.
What caused the SecondFi wallet exploit according to Tibane Labs?
Tibane Labs attributed the breach to an Ed25519 signing error in an unaudited SDK called trantor, which replaced EMURGO's audited build on June 8. The report stated that the vulnerable signer dropped per-key secret material, allowing private keys to be reconstructed from a single signature.