Key generation vulnerability: hackers stole $2.4 million from Cardano SecondFi wallet users

6/25/2026, 09:03 AM, Евгения Слив

The SecondFi wallet (formerly known as Yoroi), which operates on the Cardano network, has suffered a serious loss of funds due to vulnerabilities in its own software. An error in the process of generating and signing transactions allowed intruders to compromise users' private keys. According to the company's preliminary data, the incident affected about 374 addresses, and the direct damage amounted to approximately 16 million ADA, equivalent to $2.4 million at the exchange rate of June 23, 2026. The underlying Cardano protocol itself was not affected.

The problem is a deterministic error in deriving the nonce parameter used for signing. This defect allowed hackers to recover private keys for vulnerable addresses from public blockchain data. The incident highlights a growing trend in the crypto industry: attackers increasingly target not the blockchain protocols or smart contracts themselves, but the client infrastructure responsible for creating and storing keys. As an emergency measure, SecondFi transferred some 129 million ADA to an independent third-party custodian for safekeeping and subsequent return of funds. However, SlowMist analysts estimate that the actual losses, including both altcoins and NFTs, could exceed $20 million.

The situation is complicated by conflicting recommendations: SecondFi advises users not to import seed phrases into other wallets and not to sign transactions until they receive official instructions, while independent experts urge immediate evacuation of funds to new addresses. Against this background, phishing accounts that mimic tech support have become more active online. Cardano founder Charles Hoskinson has separately emphasized that SecondFi does not have any business or ownership relationship with his company IOG. However, the IOG response team has already contacted the platform, which requested an independent security audit.
