SecondFi is shutting down after Cardano wallet exploit

Cardano wallet firm SecondFi says it will not resume “normal operations” and will instead focus solely on “returning assets to affected users” as it continues to grapple with last month’s $2.4 million ADA exploit.

Developer Emurgo, claimed yesterday that “SecondFi will not resume normal operations, even once the audits are complete.”

It added, “Going forward, our involvement in SecondFi is limited to a dedicated asset recovery team, tasked solely with returning assets to affected users.”

The firm has yet to release an audit of what took place during the exploit, which saw 16 million ADA ($2.4 million) stolen by bad actors, and 129 million ADA ($18.5 million) taken by a mysterious white hat hacker. 

Emurgo is also yet to launch a recovery plan for affected users and is still in the process of arranging one.  

Read more: Mystery deepens over Cardano wallet’s $18.5M white hat hacker

What was announced, however, was a new site for users to check the status of their wallet, however, it isn’t live yet. 

What’s the deal with the white hat hacker funds?

SecondFi wallets were drained last month after a “nonce derivation” issue exposed users’ private keys.

The exploited code created deterministic transaction data that could provide clues to recreate a wallet’s private key and facilitate the ADA theft. 

In the weeks that followed, users speculated that the white hat hacker may not actually have been associated with Emurgo. 

An X Spaces discussion with Cardano founder, Charles Hoskinson, fueled speculation after he said, based on information derived from a meeting between Emurgo and Cardano’s governance firm Intersect, that the white hat hacker was unknown to Emurgo. 

Hoskinson then noted, “or at least [Emurgo] said it is not affiliated with Emurgo.” 

SecondFi’s latest statement on July 4 notes that the assets acquired through its emergency response, which involved the white hat hacker, “are currently protected and accessible.”

As for the threat actor funds, it claims that Emurgo has established a recovery fund address here, which currently contains $2.8 million worth of ADA.

It’s unclear whether these funds are made up of the rescued ADA, or Emurgo’s own supply.

Protos has reached out to Emurgo for comment and will update this piece if we hear anything back.

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on XBluesky, and Google News, or subscribe to our YouTube channel.