SecondFi (Cardano Wallet)

2026-04-22

EMURGO announces Yoroi Wallet is rebranding to SecondFi at Money20/20 Bangkok, expanding into a self-custody neofinance platform with multichain support and global card payments.

2026-06-21

First wave of automated wallet-draining begins at approximately 8:29 PM UTC. Three collector wallets activate simultaneously, draining approximately 12 million ADA from 198 wallets. Stolen tokens are liquidated through Minswap DEX.

2026-06-22

Attacker A conducts a second wave targeting additional SecondFi wallets. Suspicious transaction activity concentrated on June 21-22 per user reports.

2026-06-23

Attacker B independently executes a third campaign compromising 203 additional wallets. SecondFi discloses the vulnerability, suspends all platform services, and enters maintenance mode. A second attacker's hub wallet sweeps approximately 135 million ADA from 2,874 wallets, transferring 129,430,001 ADA to a dormant vault in seven transactions. SecondFi triggers emergency containment, routing approximately 129 million ADA to an independent third-party custodian before further exploitation.

2026-06-24

SecondFi and EMURGO publish public disclosures. CoinDesk, BeInCrypto, and multiple crypto news outlets report confirmed losses of approximately 16 million ADA (~$2.4 million) from 374 wallets. SlowMist founder Yu Xian states total exposure including rescued funds may exceed $20 million. SecondFi warns users not to attempt seed phrase migration.

2026-06-25

SecondFi publishes an investigation update. EMURGO commits to full reimbursement for all affected users through a dedicated independently secured restoration fund. Wallet address mapping of 374 affected addresses is stated as complete. Authorities notified; legal action against responsible parties announced.