Cardano Project SecondFi Hit by Major Exploit, Losses Could Top $20 Million

SecondFi, a Cardano (ADA) project, suffered a significant security breach tied to a flaw in its own wallet generation software. Damage estimates range from 16 million ADA to more than 129 million ADA and additional tokens across compromised wallets.

ADA trades at $0.150237 as of June 24, down 3.00% over the past 24 hours. At that price, SlowMist’s upper estimate of 129 million ADA translates to roughly $19.4 million. SlowMist founder Yu Xian, known by the handle Cos, placed total losses above $20 million. Non-ADA tokens held in the compromised wallets pushed that figure beyond SecondFi’s own estimate.

How the SecondFi Exploit Unfolded

SecondFi’s team traced the breach to a vulnerability in its proprietary wallet generation software. That flaw gave attackers access to funds across multiple user wallets. Critically, Cardano’s base protocol was not the entry point. The project completed an on-chain analysis to map the scope of affected addresses.

SecondFi is now working with an independent blockchain security firm on a technical review.

The project’s internal estimate puts losses at around 16 million ADA. However, SlowMist’s analysis of hacker fund flows and wallet activity points to a larger impact. Yu Xian said more than 129 million ADA and other tokens may have moved through addresses linked to the attacker.

That discrepancy suggests the final figure will depend heavily on the outcome of the independent review.

The incident fits a pattern of infrastructure-layer attacks that gained momentum in 2026. Earlier this month, Humanity Protocol’s private key breach wiped 88% off its token’s value in 24 hours.

An attacker gained control through compromised key material. Similarly, the Syscoin bridge exploit showed how software-layer flaws often evade standard security audits. In both cases, the vulnerability came from tooling built above the base chain, not from the underlying protocol.

ADA Under Pressure After the SecondFi Exploit

ADA already trades near five-year lows. Charles Hoskinson recently proposed a Cardano rescue plan, though ADA holders remained broadly skeptical. The breach adds another headwind to an ecosystem already under strain.

Hoskinson responded to the SecondFi incident, noting that while the losses may appear small relative to other crypto exploits, they offer no comfort to those affected. He stressed that some users may have lost their entire ADA holdings, describing it as an unfortunate reality of the industry.

The exploit surfaced just one day after Cardano launched the Leios Musashi Dojo testnet. Early Cardano network activity data showed few signs of a meaningful on-chain uptick. Therefore, the breach may complicate efforts to attract new developers and liquidity to the network.

SecondFi has not disclosed a reimbursement timeline or recovery plan. The ongoing technical review will determine whether any funds remain recoverable. It will also establish what changes the project must make to its wallet infrastructure before safely resuming operations.

The post Cardano Project SecondFi Hit by Major Exploit, Losses Could Top $20 Million appeared first on BeInCrypto.