This article was first published on Deythere.
For hundreds of Cardano users helplessly caught up in the recent SecondFi Hack, the first real recovery timeline has finally arrived.
EMURGO, one of the key founding bodies behind Cardano and the company behind SecondFi, says it has completed its forensic investigations and pinpointed a way forward for affected users.
According to a statement from CEO Phillip Pon, the company expects the recovery process to take roughly two weeks. The first week is dedicated to building the tool that will help users recover their assets, and the second to rigorous testing and security checks before any of the users' assets are returned.
How the SecondFi Hack Went Down
Unlike typical exploits that target smart contracts or bridges, the SecondFi hack struck at the very heart of the wallet creation process.
The SecondFi hack drained about 16 million ADA from 374 wallets over just two days (June 21 and 22), leaving users with a serious problem on their hands.
While EMURGO's current estimate puts confirmed losses at about $2.4 million, a number of security experts believe total exposure may have been closer to $20 million once other impacted assets such as tokens and NFTs, and other compromised wallets, are taken into account.
Tracing the breach back, investigators found that a flaw in SecondFi’s own proprietary software was to blame: a vulnerability that allowed hackers to reconstruct private keys from publicly available blockchain data after users had already signed transactions. The details of the hack are as follows:
- A total of four wallet-draining episodes were detected during the timeframe of the attack.
- Three of these were the result of external hacking attempts.
- The fourth episode was an emergency operation conducted by the platform itself to secure user funds before additional theft could occur.
To save users from even greater losses, the fourth episode moved 129 million ADA to a third-party holding company for safekeeping.
Word of the incident spread immediately through the Cardano community. SecondFi had evolved from Yoroi, one of Cardano’s most popular wallets, and the rebrand into a fully fledged financial platform had happened only weeks before the hack.

EMURGO's Recovery Plan Is Already Gearing Up
The company says several important steps have already been completed.
Wallet balances have been checked and verified, a snapshot of the balances is now locked in place, and the affected assets have been clearly identified. That snapshot will act as the basis for the eventual reimbursement and asset restoration.
According to EMURGO, the recovery solution is being designed around the existing state of the users' wallets. Because of this, users are being asked not to move their funds or restore recovery phrases into other wallets, and are being told that doing so could get in the way of the recovery process and complicate it.
It is also worth noting that the two-week timeline is an estimate for now rather than an actual deadline. EMURGO says that how long it takes for the recovery tool to be ready will depend on the results of the ongoing security checks.
Charles Hoskinson Says Cardano Wasn’t Breached
With the community growing nervous, Cardano founder Charles Hoskinson has been trying to reassure people that the Cardano blockchain itself was never compromised.
According to Hoskinson, the issue was isolated to a separate application built on top of Cardano, not the Cardano protocol itself, node infrastructure, or cryptographic architecture.
Hoskinson says that he has been experimenting with a recovery smart contract model that makes use of zero-knowledge proofs tied to wallet recovery phrases to verify ownership and distribute funds from a recovery pool.
During a livestream, he acknowledged the sheer emotional toll of it all on the hacked victims, pointing out that losing your cash still hurts, no matter the size of the hack.

New Scam Threats Are Emerging
The aftermath of the SecondFi hack has thrown up another problem: impersonation scams.
EMURGO is warning that fake support accounts are already popping up on social media and messaging platforms, targeting people looking for help.
The company has made it clear that it will never ask users for private keys, seed phrases, wallet details, or access to their wallets. So far, no recovery action requiring users to transfer funds has started.
Affected users are being directed exclusively to the official support portal to submit claims and await further instructions.
Conclusion
The SecondFi hack exposed a weakness in wallet-generating software, not the Cardano blockchain itself, but that didn’t make the aftermath any less painful.
With 16 million ADA confirmed stolen, 129 million ADA secured through emergency measures, and total loss estimates ranging from $2.4 million to about $20 million, this is a real test for EMURGO and the overall Cardano ecosystem.
Over the next two weeks, investors will be watching to see whether the recovery plan can restore confidence and return users' funds.
Glossary
ADA: The native cryptocurrency on the Cardano blockchain.
Private Key: A cryptographic credential that lets you control your blockchain assets.
Wallet Generation Software: The code that creates wallets and generates their private keys.
Zero-Knowledge Proof: A cryptographic method that allows ownership verification without revealing sensitive information.
Self-Custody Wallet: A wallet where users control their own private keys rather than relying on an external third party.
Frequently Asked Questions About SecondFi Hack
What caused the SecondFi hack?
There was a flaw in the wallet-generating software used by SecondFi that let hackers reconstruct private keys and get into the affected wallets.
How much was stolen in the exploit?
SecondFi confirmed it had lost about 16 million ADA, valued at around $2.4 million at the time. Some security researchers reckon the total exposure could be much higher, up to $20 million.
How many wallets got affected?
SecondFi says 374 wallets got hit during the attack.
Has Cardano itself been compromised?
No, Cardano founder Charles Hoskinson made it clear the blockchain protocol and infrastructure were solid.
When will users get their cash back?
EMURGO estimates that recovery efforts might kick off within a couple of weeks, depending on testing and security checks.
