Cardano’s worst wallet crisis yet? Users lose 16M ADA

Cardano is facing another large-scale challenge to its ecosystems, as user wallets were drained of over 16M ADA. The losses stem from compromised seeds in one of the commonly used Cardano wallets. 

Cardano users reported having all their funds drained, with up to 16M ADA lost. More losses are expected, as an attacker is leaking compromised private seeds. According to SlowMist, the total losses may be as high as $20M, though not all users have reported their funds missing in the initial 24 hours after the hack.

The attack was due to exposed private seeds from SecondFi, one of the widely used Cardano wallets. SecondFi completed the migration from Yoroi Wallet as of June 12, just days before the attack.

SecondFi, formerly known as the Yoroi Wallet, was built for self-custody by Emurgo Labs, a founding entity of the Cardano blockchain. This makes the attack even more worrying, as the keys were not exposed by a third party, but by one of the key builders in the Cardano ecosystem. 

As Cryptopolitan reported earlier, in 2026, Cardano was already facing doubts about its future, as apps and projects abandoned the platform. The latest attack reveals that not even self-custody is guaranteed to preserve value. 

Cardano incident affected users at the address level

According to the SecondFi team, the attack happened through exposed private keys. The team urged users not to recover their seeds on another wallet, as the funds will still be at risk even on another wallet app. 

Instead, users must move funds as fast as possible to another type of wallet. SecondFi is trying to isolate the affected addresses. 

The Cardano incident is one of the first major wallet exposures in an otherwise widely adopted network. Previously, some Web3 wallets have led to losses due to compromised private keys. Malicious versions of the Electron wallet have also directly stolen funds. However, for Cardano, this blow is much larger and may lead to even further unraveling of the network’s credibility. 

According to analysts, SecondFi wallets did not just contain some compromised keys, but potentially all generated private keys were compromised. SecondFi traced the exploit to its own wallet generation software. 

The SecondFi wallet has only paused its own frontend, while users were urged to remove the app and extensions and move funds to a hardware wallet if available.

Will ADA survive the exploit? 

Even ahead of the hack, ADA tokens were trading sideways, with little hope of recovery. Cardano was one of the projects with a strong community that held through prolonged bear markets. 

Following the exploit, ADA lost just 2.9% in the past 24 hours, dropping to $0.15. ADA is now out of the top 20 coins and tokens, slowly losing exposure and mindshare as crypto users refocus to other chains. 

ADA has already erased over 54% in the year to date, crashing from $0.42 at the start of 2026. The token has lost most hopes of catching up, as the community drifted away, while Charles Hoskinson seems to have moved on from the project. 

Hacker steals funds based on wallet activity

Users reported losing significant personal holdings of ADA. The hacker’s funds were traced to a known wallet, which started its activity early on June 24. In the past few hours, the hacker stopped the attacks, with no new outflows. The hacker also stored all the stolen Cardano NFTs in another wallet. 

Cardano researchers have noted that the exploiter may have already gained the database of available keys. Sweeping the wallets will be possible if they sign a transaction, which will allow the attacker to map the address and sweep the funds even before the user attempts a rescue transaction. 

Users are still just discovering their funds are gone, and seeking ways of recovery or redress. On-chain researchers have noted the attacker’s wallet was initially funded from a Binance account, which is potentially traceable to the user’s legal identity. 

The Cardano treasury still holds 352.4M ADA, leading to suggestions of using the funds to compensate wallet holders for their lost ADA tokens. 

If you're reading this, you’re already ahead. Stay there with our newsletter.