🛡 Recovery Process Update
Today, we want to share an update across three areas:
⚙️ Returning user assets
⚙️ Moving user assets safely
⚙️ Onchain recovery
1. Returning User Assets
- Drained by the attackers:
@emurgo_io has funded an Asset Recovery Wallet specifically to return assets to users whose wallets were compromised in the attack.
- Secured through our emergency rescue response: These assets are currently protected and accessible. We are in discussion with
@IntersectMBO on the appropriate custody mechanism to ensure they are held securely and returned to users.
2. Moving Your Assets
Our initial guidance was to stay put which was a deliberate step while we worked to fully understand the attack vector and avoid exposing users to further risk. Following active discussions with the Intersect Security Council, should you decide to move your assets, we recommend creating a new wallet using a hardware wallet only. A hardware wallet is the most secure option available.
Important: However, users should NOT delete the SecondFi app under any circumstances. We strongly advise users to retain BOTH the app and their seed phrase, as they will be required to support the asset recovery process currently underway.
3. Onchain Recovery
Our team is actively progressing an on-chain recovery solution designed to support the secure return of user assets. Extensive technical assessment has identified this as the most secure and efficient recovery pathway currently available.
We are now working closely with a Cardano community-led task force to develop, validate and execute this solution securely.
This process is more complex than originally anticipated and may require additional time beyond our previously estimated 2-week timeline.
We will continue providing updates as progress continues.
Important Security Reminder:
SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances. We will never DM you first.
Any message instructing you to move assets or submit wallet information outside of our verified official channels should be treated as fraudulent. Our official channels are our verified SecondFi X account and
support.secondfi.io.
For support, please submit a ticket only through our official support channel at:
support.secondfi.io
Thank you for your continued trust as this work continues.