SecondFi’s Nonce Bug Exposed Private Keys to Public Blockchain Data

Published by James Harris on


What You Need to Know

  • SecondFi wallet suffered automated attacks June 21-23 that drained funds from hundreds of wallets.
  • Vulnerability in software signer’s nonce derivation allowed attackers to reconstruct private keys from public blockchain data.
  • Two separate actors compromised 171 and 203 wallets respectively using the same exploit mechanism.
  • Affected users must not restore seed phrases or claim rewards, as compromised keys remain permanently exposed.

Cardano’s longest-standing wallet infrastructure just suffered one of the more technically sophisticated exploits in the network’s history, and the company behind it is now racing to contain the fallout before users make it worse.

SecondFi, the Cardano wallet provider formerly known as Yoroi Wallet, announced a final balance snapshot taken June 26 to begin processing refunds after automated attacks between June 21 and 23 drained funds from hundreds of wallets. The company’s investigation traced the vulnerability to a deterministic nonce derivation error in its software signer: every transaction signed by an affected address leaked enough data for attackers to reconstruct that address’s private key from publicly available on-chain information. Two separate actors carried out the campaigns, one compromising 171 wallets across two waves, another draining 203 in a separate sweep. The exploit belongs to the same class as the nonce-reuse vulnerabilities that have periodically surfaced in Bitcoin and Ethereum signing implementations. In both ECDSA and Schnorr-style schemes a signature is a simple modular equation in two unknowns, the per-signature nonce and the private key; two signatures that share a nonce give two equations, and both unknowns fall out with ordinary modular arithmetic. Cardano signs with Ed25519, which is supposed to derive that nonce deterministically from the secret key and the message being signed, so a derivation that omits the message, or otherwise repeats, recreates exactly that condition. The mechanism here sat in the signer’s nonce derivation rather than in application-level code, which is why the exposure follows the address and the key behind it rather than any particular app or session.

The advice SecondFi issued to affected users is the part most people will underestimate: do not restore your seed phrase into another wallet, and do not claim staking rewards. The compromised keys are permanently exposed at the address level regardless of which software holds them. The attacker already has the private key for an affected address, restoring the same seed in different software reproduces the same keys, and any ADA that lands on those addresses, rewards included, can be swept by whoever holds the recovered key. The safe path is the claims process SecondFi has set up, not a wallet migration.

EMURGO, SecondFi’s parent entity, has secured approximately 129 million ADA through emergency containment measures, held pending recovery operations, and the company has set up a dedicated restoration fund for affected users. An additional 4.02 million ADA linked to the exploit currently sits in a single collection wallet under active monitoring, with SecondFi working alongside law enforcement and Cardano ecosystem partners to restrict further movement. The broader implication for Cardano is uncomfortable: Yoroi was the default onboarding wallet for a significant portion of the network’s retail user base, and a vulnerability at the wallet generation layer means the damage radius is determined not by who was active recently, but by who ever signed a transaction from an affected address. That distinction makes full recovery accounting harder and user trust harder to rebuild.

ADA trades around $0.148, up roughly 3% in the past 24 hours, though the token has fallen more than 54% year to date from $0.42 at the start of 2026. Normal operations remain suspended pending external security audits. Affected users can submit claims through SecondFi’s official support portal now, though refund processing has not yet begun.

Categories: News
