SecondFi is a self-custody neofinance platform built for spending, trading, earning, and saving with you in control.

Onchain
🛡 Recovery Process Status

The team remains on track against the estimated 2-week recovery timeline, with substantial progress continuing as engineering teams work through multiple technical approaches in parallel to determine the most secure recovery solution for affected users.

What Comes Next: To help users safely prepare for the upcoming next steps, we will be releasing:
1. A suitable mechanism that will allow users to check whether their wallet has been affected by early next week
2. A secure process that will allow users to safely move assets out of the platform thereafter.

Our commitment remains unchanged: protecting users and ensuring assets are returned securely.

Important Security Reminder: At this stage, NO recovery actions requiring user participation have begun. Until official instructions are provided, wallets should remain untouched and users should continue to rely only on updates shared through official SecondFi channels. SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances.

Should you have any questions, please submit a ticket only through our official support channel at: support.secondfi.io

We remain fully committed to completing this process safely and responsibly, and thank you for your continued support.
⚠️ IMPORTANT SECURITY REMINDER

These are the ONLY OFFICIAL SecondFi channels:
▪️ X accounts @secondfiapp and @secondfi_jp
▪️ Support portal: support.secondfi.io

We will never DM you first or ask for your recovery phrase. Any other account is a scam account. If you come across a fake account or suspicious message, please report it to X.

The screenshots below show known impersonator accounts to watch for. Stay alert, and only trust updates from our official channels.
🛡 Recovery Process Update

Today, we want to share an update across three areas:
⚙️ Returning user assets
⚙️ Moving user assets safely
⚙️ Onchain recovery

1. Returning User Assets
- Drained by the attackers: @emurgo_io has funded an Asset Recovery Wallet specifically to return assets to users whose wallets were compromised in the attack.
- Secured through our emergency rescue response: These assets are currently protected and accessible. We are in discussion with @IntersectMBO on the appropriate custody mechanism to ensure they are held securely and returned to users.

2. Moving Your Assets
Our initial guidance was to stay put, which was a deliberate step while we worked to fully understand the attack vector and avoid exposing users to further risk. Following active discussions with the Intersect Security Council, should you decide to move your assets, we recommend creating a new wallet using a hardware wallet only. A hardware wallet is the most secure option available.

Important: However, users should NOT delete the SecondFi app under any circumstances. We strongly advise users to retain BOTH the app and their seed phrase, as they will be required to support the asset recovery process currently underway.

3. Onchain Recovery
Our team is actively progressing an on-chain recovery solution designed to support the secure return of user assets. Extensive technical assessment has identified this as the most secure and efficient recovery pathway currently available. We are now working closely with a Cardano community-led task force to develop, validate and execute this solution securely. This process is more complex than originally anticipated and may require additional time beyond our previously estimated 2-week timeline. We will continue providing updates as progress continues.

Important Security Reminder: SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances. We will never DM you first. Any message instructing you to move assets or submit wallet information outside of our verified official channels should be treated as fraudulent. Our official channels are our verified SecondFi X account and support.secondfi.io.

For support, please submit a ticket only through our official support channel at: support.secondfi.io

Thank you for your continued trust as this work continues.
⚠️ Important Security Update

We are seeing an increase in malicious activity and impersonation attempts related to the recent incident. As a precaution, please DO NOT deposit any additional funds into your existing SecondFi wallet until further notice.

To help users safely navigate next steps, we will be releasing:
1. A suitable mechanism to allow users to check whether their wallet has been affected by early next week.
2. A secure process that will allow users to safely move assets out of the platform thereafter.

Please remember that NO recovery actions requiring user participation have begun at this stage. Wallets should remain untouched until official recovery instructions are provided. SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances.

For support, please submit a ticket only through our official support channel at: support.secondfi.io

Thank you to everyone for your continued patience and trust as this work continues.
⚠️ Important Security Advisory: Scam Attempts

We have identified fraudulent messages circulating online from malicious actors attempting to impersonate SecondFi while our incident response remains underway.

Please note that NO recovery actions requiring user participation have begun at this time. SecondFi will NEVER request private keys, seed phrases, wallet credentials, or direct wallet access under any circumstances. Any communication instructing users to submit wallet information, migrate assets, or take immediate action outside of our verified official SecondFi channels should be considered fraudulent.

NO user action is required at this stage. You may submit a ticket through our official support channel at: support.secondfi.io

Our team is actively monitoring these malicious activities alongside our ongoing recovery progress, and we will continue sharing verified updates as progress continues.
🛡️ Recovery Process Update

Our team remains focused on returning assets to affected users, and we are making strong progress on a structured recovery and verification process. Two important updates today:

1. The final balance snapshot has been taken today, Friday 26 June 2026. We have been capturing regular snapshots throughout the incident response, and this final one gives us an accurate, verified record of balances to work from as we prepare recovery.
2. Timing of recovery. Behind the scenes, our engineering and security teams have worked around the clock to validate balances and evaluate recovery mechanisms. This has led to a solution where assets can begin being returned, which we estimate is around two weeks away: roughly one week to reach a working solution, then a week of testing and review.

Timing may shift as the work continues but our priority is clear: a safe return of funds and getting SecondFi back online responsibly. We will resume operations once we are fully confident the platform is secure and all security reviews are complete and we are determined to get there as quickly as we safely can.

For now, the only action required is to submit a support ticket at: support.secondfi.io.

We appreciate your continued patience as we work through this process responsibly and will continue sharing updates as progress is made.
📢 Important Guidance for SecondFi Users

We understand that many users are considering migrating to new wallets, and that trusted members of the Cardano community are suggesting ways to do so. We recognise this comes from a desire to protect your assets.

If you choose to migrate, you do so at your own risk. However, we strongly advise against taking this action at this time. Particularly if you are not technical, the safest course is to leave it untouched. Independent actions taken outside of official guidance create additional risks, and may significantly complicate the asset claims process.

Our team is working through a secure recovery process, and we will continue keeping users updated as progress is made. Official step by step instructions will follow shortly.

If you have a query, you may submit a ticket at: support.secondfi.io. We will never DM you first or ask for your recovery phrase. Thank you for your patience.
⚠️ As stated, we have identified the root cause; it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet; this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction.

In addition, we are working to facilitate the verification process so users can claim back their assets safely. Following the above is very important, as it makes claims more difficult.

There has been conflicting advice from different community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. The only thing you should do is submit a ticket at support.secondfi.io. We will never DM you first or ask for your recovery phrase.
We aim to provide the latest update on our investigation into the exploit.

As mentioned in our previous post, between June 21–23, 2026, a sophisticated, automated attack drained funds from multiple Cardano wallets. We now have identified and isolated the addresses of 2 attackers. We are sharing them below with the community, for full transparency.

Attacker A (Waves 1 & 2)
Drained 171 wallets across two automated batches.
• Collection Wallet 1: addr1q9j7f598x988unr4zhjulft205jqnn9ewgwkhes5smf2sr6jsw98nm4qq38jw9epe587twavuhuhj5d8r92rjvmyjlzs9lqc3x
• Collection Wallet 2: addr1q9wudkfeelzwev427yvapkmqexmet8q4vl303m7a4eerwtvt6rq00zyuqzeuw759vgqtdky0gyxnqx27n8q4k6h79yhsqelma8
• Collection Wallet 3: addr1q82jlp2u0ezv2hsf6f40fkrv49hd72yv442nmrr5qeultpqamepaykp3m564hnd4zp75wxxds2j6d3ywvc8prhf2kcxqn6nql3
• Central Fee/Change Address: addr1q8acx4h5a38x6ekpsp0x7aelw6mflt78khmz8lz75rtnqvn07w88zx2e89tgzqr3x0mecngqlg87kq9surhk48hj79mqcezfa8
• Attacker Stake Key: Stake1u9hl8rn3r9vnj45pqpcn8auuf5q05rltqzcwpmm2nme0zasf40ymg

Attacker B (Wave 3)
Drained 203 wallets in a separate automated sweep.
• Collection Wallet (⚠️ 4,020,468 ADA linked to the exploit remains in this address, which has been flagged and is under active monitoring and investigation): addr1q8m5wdncq7rwum73r5cyyr82qx2xjem5k4ehapl3wy36aaerj829vasl3amtcwshgvnn6a25dr850tfw6qaj420d2szsslkku6
• Attacker Stake Key: stake1uy3er4zkwc0c7a4u8gt5xfeaw42x3n6845hdqwe248k4gpgdq4da5
Our commitment to supporting affected users remains unchanged. We are continuing to work alongside law enforcement agencies and key partners across the Cardano ecosystem to trace and restrict the movement of assets linked to the attack.

As investigations continue, we are actively reviewing all relevant intelligence related to the attack and the individuals responsible. Credible information relevant to the incident can be directed to incident-response@secondfi.io.

We will continue providing transparent updates until every necessary step has been completed.
There is only one official SecondFi account and support portal, which is support.secondfi.io. We will never DM you first or ask for your recovery phrase. Any other account is a scam account.
Important Security Update.

As stated, we have identified the root cause of the incident. It is at the address level. The affected software signer used a deterministic nonce derivation flaw. Every time an address signed a transaction, it leaked enough information to mathematically reconstruct that address's private key from public blockchain data alone.

If you were affected by the attack, your first/default address (index 0) is almost certainly exposed. It is the address that some wallets may be using by default or as the only address at all, and nearly always has transactions. That history is all an attacker needs.

Please DO NOT RESTORE your recovery phrase into another Cardano wallet. This does not mitigate the security risk. Your keys are derived from your recovery phrase, not from the app. Restoring the same phrase into another wallet recreates identical addresses with identical exposure. The compromised thing is the key of the compromised address(es), not the interface you are using.

If you were affected by the attack, and use any of your compromised address(es) to deposit, it could be drained again. This includes withdrawing staking rewards even using another wallet. Reward withdrawal and delegation are signed with the stake credential. The withdrawn funds could be routed to your first/default address (as indicated above), which has a high chance of being compromised (wallets work differently managing it). Mempool-monitoring adversaries can front-run or sweep your assets on confirmation.

There has been conflicting advice from community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. We are working to facilitate the verification process so users can claim back their assets safely. Following the above is very important; if not, it makes verified claims more difficult.

The only thing you should do right now is submit a ticket at support.secondfi.io. We will never DM you first or ask for your recovery phrase.
⚠️ As stated, we have identified the root cause; it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet; this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction.

In addition, we are working to facilitate the verification process so users can claim back their assets safely, so the above is very important, as it makes claims more difficult.

There has been conflicting advice from different community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. The only thing you should do is submit a ticket at support.secondfi.io. We will never DM you first or ask for your recovery phrase.
As per our previous post: nitter.app/secondfiapp/status/206…

We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon.

-----

Regarding affected wallets, 4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of ~16m ADA across 374 addresses.

To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses. An external accounting firm has been engaged for a special audit to independently verify those holdings.

We are working to facilitate the verification process so users can claim back their assets safely. Affected users should submit their claim at support.secondfi.io

We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible.

As stated, we have identified the root cause; it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet; this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. Further explanation to follow.

To provide more clarity, we have identified the nature of the incident; it is at the address level. The security risk affects wallet users when a transaction is signed. Therefore, recovery to another platform or wallet does not mitigate the risk.

🚨 DO NOT restore your recovery phrase into a new Cardano wallet. We have isolated the affected wallets and will post mitigation steps shortly.