Web3 Security Breach: SecondFi Wallet Exposes Private Keys via Signature Flaw

Web3 Security Breach: SecondFi Wallet Exposes Private Keys via Signature Flaw

First seen 9 Jul 2026, 18:11 UTC Odaily.NewsKucoin 93% similarity 69.0

Article Content

Browse articles
ThreatCluster

In June 2026, the crypto sector faced 40 major hacking incidents, leading to losses of $75.87 million. The SecondFi wallet, part of the Cardano ecosystem, was notably compromised, with attackers transferring approximately 16 million ADA (worth $2.4 million) from 374 user wallets. The breach was due to a flaw in the wallet's signature implementation, where the signature nonce was incorrectly derived from public transaction messages, allowing attackers to potentially recover private keys without needing user credentials. Emergency measures by SecondFi secured an additional 129 million ADA that could have been at risk. This incident highlights vulnerabilities across multiple attack vectors in Web3, necessitating users to reassess the security of their crypto assets.

Key Points: • 40 major hacking incidents in June 2026 resulted in $75.87 million in losses. • The SecondFi wallet was compromised, with 16 million ADA stolen from 374 wallets. • The breach stemmed from a signature implementation flaw, exposing private keys through public data.

ThreatCluster AI

Timeline

2026-06-21
SecondFi wallet breach occurred
Attackers transferred approximately 16 million ADA from user wallets due to a signature flaw, affecting 374 wallets.
Odaily.News
2026-06-23
Emergency measures implemented
SecondFi announced that emergency measures secured an additional 129 million ADA that could have been compromised.
Kucoin
2026-07-09
PeckShield report released
PeckShield's report revealed 40 major hacking incidents in June, highlighting vulnerabilities in wallets, L2 protocols, and supply chains.
Odaily.News

Community

Browse all →