Cardano wallet SecondFi says it has identified a recovery pathway for users affected by a Tuesday exploit and expects to begin returning assets in roughly two weeks. The plan follows forensic
Cardano wallet SecondFi says it has identified a recovery pathway for users affected by a Tuesday exploit and expects to begin returning assets in roughly two weeks. The plan follows forensic work, security reviews, and additional testing to ensure the process can safely operate across the wallet states involved in the incident.
In an update shared on Saturday, Phillip Pon, CEO of SecondFi developer Emurgo, said the company completed its forensic investigation and “established a recovery pathway” for affected users. Pon added that the coming week would be used to build the solution, followed by another week devoted to testing before any assets are returned.
SecondFi’s recovery roadmap is centered on work Pon said has already been completed: forensic investigations and the establishment of a recovery pathway tailored to the wallet conditions created by the exploit. Pon indicated that the company’s next step is engineering the recovery mechanism, with a dedicated testing phase immediately afterward.
Importantly, Pon urged users to avoid moving assets or taking actions outside SecondFi’s official instructions while the recovery process is prepared. He said the recovery approach is designed around existing wallet states, and independent user actions could introduce variables that make a secure return of funds harder to complete.
SecondFi previously disclosed the security breach on Tuesday, reporting that it affected approximately 16 million ADA, worth about $2.4 million at the time, across 374 addresses. According to the wallet’s earlier reporting, the incident was traced to an address-level issue tied to SecondFi’s Cardano web wallet generation software, which exposed users’ private keys.
Separate from the impact on those exposed addresses, SecondFi said it secured roughly 129 million ADA through emergency measures. The company then moved those funds to an independent third-party custodian, where they will remain until SecondFi completes verification and recovery.
As of the Saturday update, SecondFi has not published a full post-mortem describing the vulnerability in detail or outlining precisely how the exploit was carried out.
Alongside the recovery timeline, SecondFi warned that malicious actors are spreading fraudulent messages while its recovery effort is underway. The wallet emphasized that no recovery actions requiring user participation have begun.
SecondFi said it will never ask users for private keys, seed phrases, wallet credentials, or direct wallet access. It urged users to treat any messages instructing them to submit wallet information, migrate assets, or take immediate steps outside verified communication channels as scams.
For users who need help, SecondFi directed them to submit a ticket through its official support portal while the recovery process is still being built and tested.
For affected users, the most practical element of Saturday’s update is the sequencing: SecondFi is not requesting immediate user action, and it is framing the recovery work around wallet states that already exist from the time of the incident. That matters because ad hoc user behavior—such as moving funds or switching wallet setups during a recovery window—can create mismatches between what a recovery solution expects and what is actually on-chain.
The custodian step also signals that SecondFi is treating the recovered funds as subject to verification before release. While this does not eliminate uncertainty for users whose keys were exposed, it does provide an explicit holding point that, in principle, can reduce the risk of funds being moved without a defined recovery process.
Readers should watch for SecondFi’s testing milestones and any further technical disclosures about what went wrong, as the company has not yet released a comprehensive post-mortem. In the meantime, the practical priority remains clear: follow only verified SecondFi guidance and ignore any unsolicited messages demanding wallet access or recovery “assistance.”
This article was originally published as SecondFi Plans Two-Week Return After Cardano Wallet Exploit Forensics on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.
