Kucoin
Web3 Security Breach: SecondFi Wallet Exposes Private Keys via Signature Flaw
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In June 2026, the crypto sector faced 40 major hacking incidents, leading to losses of $75.87 million. The SecondFi wallet, part of the Cardano ecosystem, was notably compromised, with attackers transferring approximately 16 million ADA (worth $2.4 million) from 374 user wallets. The breach was due to a flaw in the wallet's signature implementation, where the signature nonce was incorrectly derived from public transaction messages, allowing attackers to potentially recover private keys without needing user credentials. Emergency measures by SecondFi secured an additional 129 million ADA that could have been at risk. This incident highlights vulnerabilities across multiple attack vectors in Web3, necessitating users to reassess the security of their crypto assets.
Key Points: • 40 major hacking incidents in June 2026 resulted in $75.87 million in losses. • The SecondFi wallet was compromised, with 16 million ADA stolen from 374 wallets. • The breach stemmed from a signature implementation flaw, exposing private keys through public data.