Security Incident Update — FAQ

Last updated: 8:30pm SGT 24th June 2026 SGT — This article will be updated as our investigation progresses. Please check back regularly for the latest information.

⚠️ Important: Do Not Restore Your Recovery Phrase into a new Cardano wallet

The root cause is at the address level and the security risk occurs when an affected user signs a transaction. Therefore recovery to another platform or wallet does not mitigate the risk.

Do not take any action with your wallet until official steps are communicated by SecondFi.

The only action you should take right now is to submit a support ticket at support.secondfi.io if your wallet was affected.

SecondFi will never DM you first or ask for your recovery phrase. If you receive such a message, it is a scam.

We understand that you have questions about the recent security incident. This page brings together what we know and will be updated as our investigation and recovery efforts continue.

Latest Update — 8.30pm SGT 24th June 2026

We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon.

Regarding affected wallets, 4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of ~16m ADA across 374 addresses.

To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses.

An external accounting firm has been engaged for a special audit to independently verify those holdings.

We are working to facilitate the verification process so users can claim back their assets safely. Affected users should submit their claim at support.secondfi.io

We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible.

As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction.

What happened?

We identified a security issue affecting a small number of Cardano wallets on our platform. The issue was confined to our native Cardano web wallet generation software. We have contained the issue and paused the affected functions while our engineering team works to restore full functionality.

What is the scope of the impact?

4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of approximately 16M ADA across 374 addresses. We are finalising an independent technical review with a leading blockchain security firm to validate our findings.

Why can't I access the app or make transactions?

To protect our users, SecondFi has been temporarily placed into maintenance mode. All front-end interactions, including transactions, are currently paused. We have identified the root cause and rolled out a patch for all unaffected wallets. We will provide updates on restoration progress as soon as we are able.

Is my wallet safe right now?

For users whose wallets were impacted, emergency rescue measures were triggered to secure the available ~129M ADA. These funds are being held securely by an independent, qualified third-party custodian for the benefit of affected wallet addresses. An external accounting firm has been engaged to independently verify those holdings.

Will affected users be supported?

We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible. Affected users should submit their claim at support.secondfi.io. Further details on the claims process will be shared as soon as they are confirmed.

How will I know if my wallet was affected?

We will share information on how affected users will be identified as our investigation progresses. Please monitor this page and our official X account at x.com/secondfiapp for updates.

What should I do right now?

At this time, no action is required from you other than submitting a claim at support.secondfi.io if your wallet was affected. Please keep the following in mind:

• Do not restore your recovery phrase into a new Cardano wallet. This does not mitigate the security risk. The security risk occurs when an affected user signs a transaction.
• Do not share your recovery phrase with anyone. SecondFi team members will never ask for it.
• Ignore unsolicited messages. We are seeing a surge in scammers and impersonators taking advantage of this situation. SecondFi will never DM you first.
• Use official channels only. All official support is handled through logged tickets at support.secondfi.io.

How do I know if a message is really from SecondFi?

SecondFi team members will never:

• Send you a direct message first on any platform
• Ask for your seed phrase or recovery phrase
• Ask you to transfer funds to any address

All official communications come through our verified accounts and support portal at secondfi.io.

Who is involved in the response effort?

We are working closely with key pillars of the Cardano ecosystem. Together, we are monitoring exchange touch points and working to minimise the impact on other protocols.

Where can I get the latest updates?

• This page — updated as new information becomes available
• Official X: x.com/secondfiapp
• Support portal: secondfi.io

Our team is working around the clock and we are committed to keeping our community informed throughout this process. Thank you for your patience and continued trust in SecondFi.

Updated on: 24/06/2026