9 Years of Faith Shattered! Cardano Longtime Fan With “Millions of ADA” Gets Hacked to Zero, Official Wallet SecondFi Explodes a Fatal Vulnerability

According to reports from X platform users and investigations by security agencies, the official wallet SecondFi (formerly Yoroi) under Cardano founding entity EMURGO has suffered a serious software vulnerability. A loyal fan who has supported Cardano for 9 years posted a tearful complaint that his 998k ADA, saved as retirement funds, were emptied by hackers without any leakage of his seed phrase. Security agency SlowMist estimates that the total loss from this incident may exceed $20 million. (Background: Cardano Foundation hoards 1,090 BTC, well-known creditor investor demands disclosure of fund flows) (Supplementary background: Cardano founder announces "I'm going to rest," ADA crashes to $0.19, a five-year low) Table of Contents Toggle

• 9 years of faith gone in one night, millions of ADA retirement funds stolen
• Official wallet reveals fatal vulnerability, losses may exceed $20 million
• Community laments not using "cold wallet," official suspends service, plans compensation The cryptocurrency market has seen another major security disaster, and this time the culprit is the official wallet that users trusted deeply. SecondFi (formerly the million-user Yoroi wallet), launched by Cardano founding entity EMURGO, recently suffered a serious software vulnerability, causing a large number of users to have their funds looted by hackers without any leakage of their seed phrases. A loyal fan who has supported Cardano for 9 years even posted a tearful complaint on social media that his nearly one million ADA saved as retirement funds were wiped out overnight, sparking high attention and uproar in the community.

I stayed in Cardano for 9 years. All my properties, Ada (998k), were stolen a day ago. Unbeknownst to me, the transaction was approved and Ada disappeared. Made by the founding organization Emergo, I only used this @secondfiapp wallet on my mobile (iPhone).

— Jacsam (@j3j30104) June 24, 2026

9 years of faith gone in one night, millions of ADA retirement funds stolen

An X platform user named Jacsam (@j3j30104) posted on the 24th, stating that he has been a loyal supporter of the Cardano ecosystem for 9 years. However, the 998k ADA (currently worth about several hundred thousand dollars) stored in the SecondFi mobile app vanished without his knowledge and without any transaction approval. Jacsam pointed out with pain that he had always kept his seed phrase securely written on paper. His only mistake was "over-trusting" this wallet launched by the official organization EMURGO. He invested all his funds beyond living expenses as retirement savings, and now he has lost everything, making him, as a father with a family, feel incredibly sad and painful. He even frustratingly questioned whether his long-term trust in Cardano and founder Charles Hoskinson was a fatal mistake.

Official wallet reveals fatal vulnerability, losses may exceed $20 million

This tragedy is not an isolated incident but stems from a major system flaw in the SecondFi wallet. According to an announcement by SecondFi official on the 23rd, the wallet's generation software had a serious vulnerability that made some users' private keys or seed phrases predictable to hackers. This means attackers could directly access and steal funds from the wallet without any active information leakage by the users.

🚨 SECURITY UPDATE: Root Cause & Blast Radius Confirmed

We have isolated the root cause of the recent security incident. The issue was confined to our native Cardano web wallet generation software.

Our team has completed an onchain analysis to determine the scope of impact, and…

— SecondFi (@secondfiapp) June 23, 2026

In terms of the scope of impact, SecondFi officially estimated that approximately 178 wallets were affected, with losses of about 16 million ADA. However, the well-known blockchain security agency SlowMist, after tracking on-chain data, gave even more shocking numbers. SlowMist pointed out that the actual losses could be as high as 129 million ADA plus other tokens and NFTs, with total losses potentially exceeding $20 million.

Community laments not using "cold wallet," official suspends service, plans compensation Jacsam's tragic experience has drawn widespread sympathy in the community, but also elicited helpless sighs from many security experts. Many pointed out that storing nearly one million ADA of substantial funds in a connected mobile "hot wallet" without the multi-authorization protection of a hardware cold wallet (such as Ledger) is an extremely dangerous practice. Currently, SecondFi has fully suspended services and entered maintenance mode. The official has also taken a snapshot of the affected wallet balances, which may serve as the basis for future compensation or recovery. In response, Cardano founder Charles Hoskinson also stepped forward, emphasizing that this is a software issue at the wallet application level, not a breach of the underlying protocol of the Cardano blockchain itself. Nevertheless, some community members still strongly urge that EMURGO, as the official entity, must take full responsibility for this serious oversight and compensate the victims.