Incident FAQ
- What is the scope of the impact?
4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of approximately 16M ADA across 374 addresses. We are finalising an independent technical review with a leading blockchain security firm to validate our findings.
- How do I know if my wallet is affected?
The asset recovery wallet checker is now live: checker.secondfi.io
This is the only official checker, hosted on our secondfi.io domain and shared only through @secondfiapp / @secondfi_jp. It is prepared on a best-efforts basis. It will never ask you to sign a transaction. Any tool that does is a scam.
- Are all Yoroi-generated wallets compromised?
No. This incident affects a specific set of wallet addresses, not all Yoroi wallets. The vulnerability exists at the address and private key level for affected wallets. The asset recovery wallet checker will allow users to check whether their wallet has potentially been affected.
- I used Yoroi as a view-only window to a hardware wallet. Am I affected?
No. Hardware wallet users were not compromised by this incident, whether accessed through SecondFi or Yoroi.
- Can I access my wallet in the meantime?
SecondFi remains in maintenance mode while investigations continue and security reviews are being conducted. As a precaution, please do not deposit any additional funds into your existing SecondFi wallet until further notice. Should you decide to move your assets, we recommend moving them to a newly created wallet using a hardware wallet only. A hardware wallet is the most secure option available.
- Should I delete my SecondFi app or move it off now?
No. Do not delete the SecondFi app under any circumstances. We strongly advise retaining both the app and your seed phrase, as at least one of these two will be required to claim your assets.
- I already deleted the app. What do I do?
If you deleted the app, do not lose your seed phrase. It is now the only way to recover your assets. Recovery needs either the app or the seed phrase, and without one of them, recovery will not be possible.
- If my wallet is affected, is it safe, and when can I claim?
Assets drained in the attack will be returned through an asset recovery wallet funded by @emurgo_io. Assets secured through our emergency rescue response are protected and accessible, and we are in discussion with @IntersectMBO on the custody mechanism to hold them securely and return them to users. We are working on the process to allow users to claim back their assets safely. We will confirm here as soon as the process is validated and the onchain claims portal is available.
- Will I get my assets back, and in what form?
Our commitment remains unequivocal: to support the return of assets of all affected wallet holders from the 4 distinct wallet draining events. We intend to return the assets in their original form.
- What about my staking, DeFi positions, or NIGHT tokens?
Because every protocol works differently, we are working directly with the DEXes and LPs across the ecosystem to help their affected users. We will share more detail as this progresses.
- When can I claim, and why is it taking so long?
Our team is working with some of the leading minds in the Cardano community on an onchain claims portal. This process is complex and must be safe, so it may require additional time beyond our previously estimated two-week timeline. We will continue to provide updates as we make progress.
- How do I submit a support ticket if I can't open the SecondFi app?
You do not need the SecondFi app to submit a ticket. Support tickets are submitted through our web portal at support.secondfi.io, which you can access directly from any browser. As a reminder, do not delete your SecondFi app as it will be required for the claims process.
- When will we understand what happened?
A full review of the incident is underway. We have engaged with external security firms and independent partners to conduct a comprehensive forensic investigation into the incident. We will continue providing transparent updates until every necessary step has been completed.
Important Security Reminder
SecondFi will NEVER request private keys, recovery phrases, or wallet credentials under any circumstances. We will never DM you first.
Any message instructing you to move assets or submit wallet information outside of our verified official channels should be treated as fraudulent. Our official channels are @secondfiapp, @secondfi_jp, and support.secondfi.io.
For support, please submit a ticket only through our official support channel at: support.secondfi.io
Updated on: 02/07/2026
