SecondFi on Cardano hacked with losses possibly exceeding $20 million due to software flaw

SecondFi, a project on Cardano, was hacked through a flaw in its wallet software, potentially losing over $20 million worth of ADA and other tokens. Users and investors could face significant financial impact as the stolen funds move, highlighting risks in custom wallet tools.

The damage from a security breach at SecondFi, a project built on Cardano, may be far larger than the team initially reported. SlowMist founder Yu Xian, known as Cos, said the hacker could have made off with as much as 129 million ADA plus other tokens – potentially pushing total losses past $20 million.

SecondFi confirmed the exploit stemmed from a vulnerability in its own wallet-generation software, a tool developed in-house. The project’s preliminary estimate put the hit at roughly 16 million ADA, worth about $X at current prices. But Cos’s on-chain analysis of the attacker’s fund flows and wallet activity suggests a much bigger haul.

“User losses could theoretically top $20 million,” Cos said, citing the movement of funds across addresses. The discrepancy between the two figures is stark: 16 million ADA versus up to 129 million ADA and other tokens. SecondFi said it is still tracing transactions and has hired an external blockchain security firm for an independent technical audit.

The hack underscores the risks that come with proprietary wallet infrastructure, even in ecosystems promoted as secure. Cardano’s native coin, ADA, has not yet shown a sharp reaction, but traders should watch for any signs of a sell-off if the hacker begins to liquidate the stolen tokens.

SecondFi has not disclosed a timeline for the audit’s completion. Market participants should expect a formal loss figure once the investigation and third-party review conclude. Until then, the gap between the project’s own estimate and SlowMist’s analysis leaves room for further downside pressure on ADA sentiment.