UPDATE: SecondFi / Yoroi Wallet Drain
SecondFi, previously tied to Yoroi Wallet infrastructure, is now cruising through a structured recovery phase after a confirmed wallet-generation issue hit a chunk of users. The root cause has been pinned down to a flaw in the wallet creation process, where the cryptographic randomness wasn’t quite doing its job. That weakness meant some wallets ended up with predictable keys, opening the door for unauthorized access in a handful of cases.
16M ADA stolen in SecondFi incident // with larger exposure and some funds moved for protection
The confirmed impact so far sits around 16 million ADA stolen across roughly 374 wallets. On top of that, broader analysis suggests a much larger pool, up to around 129 million ADA was either exposed or pulled into protective custody actions during the response. SecondFi has made it clear that not every movement seen on-chain was theft. Some of it came from emergency containment moves, where funds were shifted into safer hands before attackers could push further in.
Scam wave rises during SecondFi incident // users warned not to share keys or follow fake recovery messages
Alongside that, SecondFi has been waving a pretty strong caution flag around scams popping up in the chaos. Fake messages and impersonation attempts have been circulating while recovery work is still underway. The company has stressed that no recovery process needing user participation has started, and they will never ask for seed phrases, private keys, wallet credentials, or direct access to wallets. Anything asking users to move funds or hand over sensitive info outside official channels is a scam. For now, users are told the only real step is submitting a support ticket through SecondFi.
Final balance snapshot locked // SecondFi sets recovery baseline for user payouts
On the recovery side, things are starting to move forward in a more structured way. SecondFi says a final balance snapshot was taken on Friday 26 June 2026, locking in a verified record of account balances after multiple rounds of earlier snapshots. That snapshot is now the baseline for figuring out who gets what during the recovery process.
SecondFi recovery system in progress // ~2-week timeline for build and testing to restore funds safely
Behind the scenes, engineering and security teams have been working non-stop to validate balances and build out a recovery system. The current timeline is sitting at about two weeks total, with roughly one week to finish building the system and another week for testing and security review. That timing could still shift a bit depending on how validation goes, but the focus is steady: get funds back safely and bring the platform back online without cutting corners.
Staged asset returns planned after testing // platform staying offline until fully secure
Once everything is tested and approved, the plan is to roll out asset returns in stages based on the final snapshot data. The platform will stay in review mode until security checks are fully cleared, and it won’t reopen until everything feels solid and locked in.
Root cause still unclear // full technical details and reimbursement outcomes remain unconfirmed
What’s still not fully clear is the deep technical breakdown of the vulnerability itself, including the exact cryptographic failure and full classification of every affected wallet. It also hasn’t been confirmed yet whether all users will be made whole in full, or whether final payouts will depend on claims and audit verification.
We are monitoring this closely and will share updates as more information becomes available. Subscribe to stay informed.
Original: SecondFi / Yoroi Wallet Drain • 6.24.2026
SecondFi, previously tied to Yoroi Wallet infrastructure, is now cruising through a structured recovery phase after a confirmed wallet-generation issue hit a chunk of users. The root cause has been pinned down to a flaw in the wallet creation process, where the cryptographic randomness wasn’t quite doing its job. That weakness meant some wallets ended up with predictable keys, opening the door for unauthorized access in a handful of cases.
16M ADA stolen in SecondFi incident // with larger exposure and some funds moved for protection
The confirmed impact so far sits around 16 million ADA stolen across roughly 374 wallets. On top of that, broader analysis suggests a much larger pool, up to around 129 million ADA was either exposed or pulled into protective custody actions during the response. SecondFi has made it clear that not every movement seen on-chain was theft. Some of it came from emergency containment moves, where funds were shifted into safer hands before attackers could push further in.
Scam wave rises during SecondFi incident // users warned not to share keys or follow fake recovery messages
Alongside that, SecondFi has been waving a pretty strong caution flag around scams popping up in the chaos. Fake messages and impersonation attempts have been circulating while recovery work is still underway. The company has stressed that no recovery process needing user participation has started, and they will never ask for seed phrases, private keys, wallet credentials, or direct access to wallets. Anything asking users to move funds or hand over sensitive info outside official channels is a scam. For now, users are told the only real step is submitting a support ticket through SecondFi.
Final balance snapshot locked // SecondFi sets recovery baseline for user payouts
On the recovery side, things are starting to move forward in a more structured way. SecondFi says a final balance snapshot was taken on Friday 26 June 2026, locking in a verified record of account balances after multiple rounds of earlier snapshots. That snapshot is now the baseline for figuring out who gets what during the recovery process.
SecondFi recovery system in progress // ~2-week timeline for build and testing to restore funds safely
Behind the scenes, engineering and security teams have been working non-stop to validate balances and build out a recovery system. The current timeline is sitting at about two weeks total, with roughly one week to finish building the system and another week for testing and security review. That timing could still shift a bit depending on how validation goes, but the focus is steady: get funds back safely and bring the platform back online without cutting corners.
Staged asset returns planned after testing // platform staying offline until fully secure
Once everything is tested and approved, the plan is to roll out asset returns in stages based on the final snapshot data. The platform will stay in review mode until security checks are fully cleared, and it won’t reopen until everything feels solid and locked in.
Root cause still unclear // full technical details and reimbursement outcomes remain unconfirmed
What’s still not fully clear is the deep technical breakdown of the vulnerability itself, including the exact cryptographic failure and full classification of every affected wallet. It also hasn’t been confirmed yet whether all users will be made whole in full, or whether final payouts will depend on claims and audit verification.
We are monitoring this closely and will share updates as more information becomes available. Subscribe to stay informed.
Original: SecondFi / Yoroi Wallet Drain • 6.24.2026
×
SUBSCRIBE TO SESSION ///
Catch the freshest Session sent straight to your inbox as soon as it's dropped!
Catch the freshest Session sent straight to your inbox as soon as it's dropped!
