The Cardano ecosystem is reeling from a major security incident after the SecondFi wallet (formerly Yoroi) was exploited, with blockchain security firm SlowMist now estimating losses could exceed $20 million. This figure is nearly ten times higher than the $2.4 million that SecondFi officially reported shortly after the breach was discovered. The incident has forced the platform into maintenance mode, pausing all front-end transactions and prompting widespread warnings about fake support accounts and impersonators.
On June 23, 2026, SecondFi acknowledged a security issue affecting a small number of Cardano wallets on its platform. The team stated the issue was contained and paused affected functions, leaving users unable to complete any transactions. Community alerts advised users to check balances through public Cardano explorers and to avoid interacting with the platform until further notice. Meanwhile, warnings emerged about an "immediate surge in fake 'support' accounts" attempting to steal seed phrases.
Hours later, SlowMist founder Cos revealed that an address believed to belong to the hacker has accumulated approximately 129 million ADA, along with other cryptocurrencies. The independent analysis sharply contrasts with SecondFi's initial loss report, raising serious questions about the true scope of the attack and the project's transparency. As of now, SecondFi has not released additional details on the hacker's movements or any compensation plan for affected users.
The exploit did not compromise the Cardano blockchain itself but exposed critical vulnerabilities in third-party wallet applications. For Cardano users, the event underscores the importance of due diligence when choosing wallets and the need for rigorous security audits. Affected users are urged to monitor official channels, consider moving funds to hardware wallets, and avoid any interactions with the compromised platform until a clear remediation roadmap is provided.
