SecondFi Breach Drains Cardano Wallets of Up to $20M in Estimated Losses

Cardano wallet users are reeling after SecondFi, a popular self-custody wallet app, was breached through a flaw in its web wallet-generation software. The attack drained coins, tokens, and NFTs from over 178 wallets, with losses estimated at around $2.4 million.

The team behind SecondFi has suspended services and taken a snapshot of balances to aid in recovery. However, slowMist founder Cos estimates that user losses could ultimately exceed $20 million, involving up to 129 million ADA.

The breach is particularly concerning because the flaw lies in how keys were created, compromising the wallet itself rather than just a password or device.