Cardano wallet SecondFi has identified a recovery path for users affected by Tuesday’s exploit and expects to begin returning assets in about two weeks, following testing and security reviews.
According to a Saturday statement by Phillip Pon, CEO of SecondFi developer Emurgo, the company completed forensic investigations and established a recovery pathway for affected users. Pon said the coming week would be spent building the solution, followed by another week of testing before assets begin to be returned.
Pon urged users to refrain from migrating assets or taking actions outside official guidance, saying the recovery process was designed around existing wallet states and that independent action could complicate the secure return of funds.
SecondFi developer Emurgo shared an update on the wallet’s recovery efforts. Source: Emurgo
SecondFi disclosed a security breach on Tuesday that affected approximately 16 million ADA, worth about $2.4 million at the time, across 374 addresses. SecondFi previously said it traced the incident to an address-level issue in its Cardano web wallet generation software that exposed users’ private keys.
Related: Q2 2026 emerges as most-hacked quarter on record with 83 incidents
The company also said it secured roughly 129 million ADA through emergency measures and transferred the funds to an independent third-party custodian, where they will remain until the verification and recovery process is complete.
SecondFi has not yet published a comprehensive post-mortem detailing the vulnerability or how the exploit was carried out.
SecondFi warns of recovery-related scams
In a separate update on Saturday, SecondFi warned that malicious actors are circulating fraudulent messages impersonating the wallet while its recovery effort remains underway.
The company said no recovery actions requiring user participation have begun and that it will never ask users for private keys, seed phrases, wallet credentials or direct wallet access.
SecondFi said any messages instructing users to submit wallet information, migrate assets or take immediate action outside its verified communication channels should be treated as fraudulent.
It added that users requiring assistance should submit a ticket through its official support portal while the recovery process continues.
Magazine: AI is banking the unbanked in Africa… faster than crypto
