Join the official OpenScore community :
Telegram: @openscoreapp
WhatsApp: wa.me/971586321066
Line: line.me/ti/p/_GPRgudDF4
As of June 24, ADA was trading at $0.150237, down 3.00% in the past 24 hours. Based on this price, SlowMist's previous estimate of a total loss of 129 million ADA was approximately $19.4 million. SlowMist founder Yu Xian (online name Cos) stated that the total loss exceeded $20 million. The presence of non-ADA tokens in the stolen wallets also inflated the loss figure, exceeding SecondFi's estimate.
SecondFi vulnerability exploitation process
The SecondFi team traced the vulnerability to a flaw in its proprietary wallet generation software. This flaw allowed attackers to access funds in multiple user wallets. Crucially, Cardano's underlying protocol was not the entry point for the attack. The project has completed on-chain analysis to determine the range of affected addresses.
SecondFi is currently working with an independent blockchain security company to conduct a technical review.
The project's internal estimate of the loss was approximately 16 million ADA. However, SlowMist's analysis of the hacker's fund flows and wallet activity suggests the actual loss may be much greater. Yu Xian stated that over 129 million ADA and other tokens may have been transferred through addresses associated with the attacker.
This difference suggests that the final figures will largely depend on the results of independent reviews.
This incident aligns with the increasingly prevalent infrastructure-layer attack patterns that have emerged since 2026. Earlier this month, a private key breach at Humanity Protocol caused its token value to plummet by 88% within 24 hours.
Attackers gained control through the leaked key materials. Similarly, the Syscoin bridge vulnerability demonstrates that software-layer flaws can often bypass standard security audits. In both cases, the vulnerabilities stemmed from tools built on top of the base chain, rather than the underlying protocol.
Following the SecondFi vulnerability incident, ADA is under pressure.
ADA is trading near a five-year low. Charles Hoskinson recently proposed a Cardano bailout plan, but ADA holders are generally skeptical. This data breach has undoubtedly exacerbated an already precarious ecosystem.
Hoskinson responded to the SecondFi incident, noting that while the losses may be smaller compared to other cryptocurrency vulnerabilities, this offers no comfort to affected users. He emphasized that some users may have lost all of their ADA assets, calling it a regrettable reality for the industry.
The vulnerability was discovered just one day after Cardano launched its Leios Musashi Dojo testnet. Early Cardano network activity data showed almost no significant increase in on-chain activity. Therefore, this vulnerability could further complicate Cardano's efforts to attract new developers and liquidity.
SecondFi has not yet announced a compensation timeline or recovery plan. The ongoing technical review will determine if any funds are still recoverable and what changes the project must make to its wallet infrastructure before it can safely resume operations.
