SecondFi targets two-week recovery after Cardano wallet exploit drained $2.4M in ADA

A deterministic nonce derivation flaw in the wallet's software signer allowed attackers to reconstruct private keys from on-chain data, affecting 374 addresses

SecondFi, the Cardano-based wallet platform, says it has wrapped up its forensic investigation into a June 23 exploit and is preparing to return assets to affected users within roughly two weeks. The breach drained approximately 16 million ADA, worth about $2.4 million, from 374 wallet addresses.

That $2.4 million figure, while painful, could have been far worse. The total potential exposure from the incident, including NFTs and various tokens held across compromised wallets, is estimated to exceed $20 million pending an ongoing audit.

What actually went wrong

The Cardano blockchain itself wasn’t compromised. The vulnerability lived entirely within SecondFi’s proprietary web wallet generation software, specifically in how it derived nonces during the transaction signing process.

A deterministic nonce derivation error in SecondFi’s software signer meant that once an affected address signed a transaction, attackers could reconstruct the private key using nothing more than publicly available on-chain data. No phishing emails, no social engineering, no malware. Just math.
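An audit check for this failure class, added here as an example; it is not SecondFi's code and does not come from the article. It assumes Ed25519 witnesses (Cardano's signature scheme, where a 64-byte signature is R followed by S) and that the flaw surfaces as the classic symptom of one key reusing the same R over different transactions, which the article does not confirm. The function name and all sample values are constructed.

```python
from collections import defaultdict

SIG_LEN = 64  # Ed25519 signature = R (32 bytes) || S (32 bytes)

# Constructed sample witnesses: (verification key, tx body hash, signature), all hex.
SAMPLE = [
    ("11" * 32, "a1" * 32, "c0" * 32 + "01" * 32),  # key 1, tx A
    ("11" * 32, "a2" * 32, "c0" * 32 + "02" * 32),  # key 1, tx B, same R: flagged
    ("22" * 32, "b1" * 32, "d0" * 32 + "03" * 32),  # key 2, tx C
    ("22" * 32, "b1" * 32, "d0" * 32 + "03" * 32),  # same witness seen twice: benign
    ("22" * 32, "b2" * 32, "d1" * 32 + "04" * 32),  # key 2, tx D, fresh R: benign
]


def find_nonce_reuse(witnesses):
    """Return one finding per (key, R) pair that signed more than one message.

    witnesses: iterable of (vkey_hex, msg_hash_hex, signature_hex) tuples.
    """
    seen = defaultdict(set)  # (vkey, R) -> set of distinct message hashes
    for vkey, msg_hash, sig_hex in witnesses:
        sig = bytes.fromhex(sig_hex)
        if len(sig) != SIG_LEN:
            raise ValueError(f"unexpected signature length {len(sig)}")
        r = sig[:32].hex()  # R is the public commitment to the nonce
        seen[(vkey.lower(), r)].add(msg_hash.lower())

    findings = []
    for (vkey, r), messages in seen.items():
        # Same key, same message, same R is normal: Ed25519 is deterministic.
        # Same key and same R over different messages means the nonce did not
        # depend on the message, so the key must be treated as compromised.
        if len(messages) > 1:
            findings.append({"vkey": vkey, "r": r, "messages": sorted(messages)})
    return sorted(findings, key=lambda f: (f["vkey"], f["r"]))


if __name__ == "__main__":
    for finding in find_nonce_reuse(SAMPLE):
        print("rotate key", finding["vkey"][:16], "R reused over",
              len(finding["messages"]), "transactions")
```

A signer's test suite can run the same check over signatures it produces for many distinct messages under one key and fail the build on any finding.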

The attacks came in three separate waves, which forensic investigators traced back to two distinct threat actors. Both have been identified and reported to authorities, according to SecondFi.

Once the team detected the breach, they moved quickly to implement emergency measures. Those protections successfully routed approximately 129 million ADA to a third-party custodian, shielding a substantial pool of assets from the attackers.

The recovery plan

SecondFi says it has completed a final balance snapshot of affected accounts and is now preparing the refund process. The platform suspended operations after the exploit was discovered and has been working through the forensic analysis ever since.

One critical piece of guidance for affected users: do not restore compromised seed phrases on other wallets. The vulnerability means those seed phrases are effectively burned. Restoring them anywhere else would simply expose the same private keys that attackers already exploited, or could exploit, on a different platform.

What this means for Cardano and wallet security

This exploit is a textbook case of why the crypto security community harps endlessly about wallet implementation details. The Cardano protocol did its job. The consensus layer was fine. Smart contracts weren’t involved. The failure point was a single piece of software sitting between users and the blockchain, one that handled cryptographic operations incorrectly.

The nonce derivation class of attack isn’t new. Similar vulnerabilities have plagued various crypto implementations over the years, including a well-documented 2013 incident involving Android’s Java SecureRandom class that affected Bitcoin wallets. That a wallet platform launched without catching this particular flaw during code review or audit raises uncomfortable questions about the security review processes that preceded SecondFi’s deployment.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
