EMURGO Starts Recovery for Hacked SecondFi Wallet, Targets Asset Returns Within Two Weeks

EMURGO, a core development company in the Cardano ecosystem, has begun restoring assets for users of wallet service SecondFi after a recent hack stole about $2.4 million of ADA.

The Block reported on June 27 that EMURGO Chief Executive Officer Phillip Pon said the company had completed a forensic investigation and verified wallet balances. It has also established a clear recovery plan for user assets.

Pon said building the recovery system will take about one week, followed by an additional week of testing. The company plans to begin the asset return process within about two weeks.

EMURGO urged users not to take any action beyond SecondFi's official guidance. The recovery will be based on the state of the compromised wallets, it said, adding that the company will not request private keys or seed phrases.

SecondFi said four security incidents occurred from June 21 to June 23. In three of them, external attacks stole about 16 million ADA, or roughly $2.4 million, from 374 wallets. The fourth was an emergency transfer by the company of about 129 million ADA to an external custodian to prevent additional losses.

The company said it is verifying those assets through an accounting firm. Affected users can apply for compensation through the official support page.

Separately, security firm Tibane Labs said the incident stemmed from an error in the digital-signature implementation of an unverified external software development kit, or SDK, used in SecondFi's wallet-generation software. Its report said a newly distributed SDK released on June 8 contained a vulnerability that made it possible to infer private keys.

EMURGO has not released an official technical analysis of the incident and has not separately responded to Tibane Labs' findings.