Cardano wallet SecondFi has identified a recovery path for users affected by Tuesday’s exploit and expects to begin returning assets in about two weeks after testing and security reviews.
According to a week statement According to Philip Poon, CEO of SecondFi developer Emorgo, the company has completed a forensic investigation and established a recovery path for affected customers. Pawan said the coming week will be spent building the solution, followed by another week of testing before asset returns begin.
Pon urged users to refrain from transferring assets or taking action outside official guidance, saying the recovery process was designed around existing wallet states and that independent action could complicate the safe return of funds.
SecondFi developer Emorgo shared an update on wallet recovery efforts. Source: Emorgo
SecondFi disclosed a security breach on Tuesday that affected about 16 million ADAs at 374 addresses, worth about $2.4 million at the time. SecondFi previously said it traced the incident to an address-level issue in its Cardano web wallet generation software that exposed users’ private keys.
Related: Q2 2026 emerged as the most hacked quarter on record with 83 incidents.
The company also said it secured approximately 129 million ADA through emergency measures and transferred the funds to an independent third-party custodian, where they will remain until the verification and recovery process is complete.
SecondFi has not yet published a comprehensive post-mortem detailing the vulnerability or how it was exploited.
SecondFi warns of recovery scams.
In a separate update on Saturday, Sec warned that malicious actors are circulating fraudulent messages impersonating the wallet while efforts to recover it are ongoing.
The company said that no recovery actions have been initiated that require user participation and that it will never ask users for private keys, passphrases, wallet credentials or direct wallet access.
SecondFi said any message that directs users to submit wallet information, transfer assets or take immediate action outside of its verified communication channels should be treated as fraud.
It added that users who need assistance should submit tickets through their official support portal while the recovery process continues.
Magazine: AI is banking the unbanked in Africa… faster than crypto