Non-custodial multichain wallet Ctrl Wallet has announced it will permanently shut down on August 3, 2026, following a security exploit that compromised its platform. The closure will disable sending, receiving, swapping, and dApp connections, leaving users only the ability to export their 12- or 24-word recovery phrases.
The decision comes weeks after the wallet provider disclosed a security incident on June 23 that affected some Cardano wallets. At that time, Ctrl Wallet placed parts of its infrastructure into temporary maintenance mode while engineers investigated. Now, the company has opted for a full product wind-down, removing the app from browser extension and mobile app stores immediately and halting new downloads.
Users are strongly urged to move their funds before the deadline. Those who miss it can still access assets by importing their recovery phrase into compatible wallets such as MetaMask, Trust Wallet, or Phantom. Ctrl Wallet warned that there will be no migration token, token swap, or airdrop, and cautioned against phishing scams claiming otherwise.
The shutdown unfolds amid a series of security breaches in the crypto space. On June 24, attackers exploited a vulnerability in SecondFi—a wallet developed by Emurgo after rebranding from Yoroi—stealing roughly 16 million ADA (worth about $2.4 million). Separate incidents affected Summer.fi, Taiko, and Axelar, resulting in millions of dollars in losses.
Ctrl Wallet, formerly known as XDEFI Wallet, had over 650,000 monthly users and supported more than 2,500 blockchain networks. Its exit underscores the risks of multichain wallet infrastructure and the speed at which a security failure can terminate a platform.