SecondFi Breach Exposes Millions in ADA Assets to Theft via Deterministic Nonce Bug

A recent security breach in the SecondFi platform has exposed millions of dollars' worth of Cardano (ADA) assets to potential theft. The company has identified a deterministic nonce derivation bug as the root cause of the issue, which allows hackers to mathematically reconstruct private keys using public blockchain information.

The team warned users not to restore seed phrases or move assets until official recovery steps are released, stating that transferring funds from one wallet app to another would not eliminate risk. The most common wallet address, known as index 0, is the most vulnerable due to its typical use for storing transactions.

SecondFi also cautioned against turning down staking rewards, which could lead to further security risks. Withdrawals may already be compromised, and hackers might have control over default addresses.