ฐปกร คล้ายฉ่ำ

🛡️ Recovery Process Update Our team remains focused on returning assets to affected users, and we are making strong progress on a structured recovery and verification process. Two important updates today: 1. The final balance snapshot has been taken today, Friday 26 June 2026. We have been capturing regular snapshots throughout the incident response, and this final one gives us an accurate, verified record of balances to work from as we prepare recovery. 2. Timing of recovery. Behind the scenes, our engineering and security teams have worked around the clock to validate balances and evaluate recovery mechanisms. This has led to a solution where assets can begin being returned, which we estimate is around two weeks away: roughly one week to reach a working solution, then a week of testing and review. Timing may shift as the work continues but our priority is clear: a safe return of funds and getting SecondFi back online responsibly. We will resume operations once we are fully confident the platform is secure and all security reviews are complete and we are determined to get there as quickly as we safely can. For now, the only action required is to submit a support ticket at: https://t.co/bKfl8SK9D2. We appreciate your continued patience as we work through this process responsibly and will continue sharing updates as progress is made.

⚠️ As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. In addition, we are working to facilitate the verification process so users can claim back their assets safely, following the above is very important, as it makes claims more difficult. There has been conflicting advice from different community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. The only thing you should do is submit a ticket at https://t.co/bKfl8SK9D2. We will never DM you first or ask for your recovery phrase.

As per our previous post: https://t.co/LGhovIoI3T We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon. ----- Regarding affected wallets, 4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of ~16m ADA across 374 addresses. To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses. An external accounting firm has been engaged for a special audit to independently verify those holdings. We are working to facilitate the verification process so users can claim back their assets safely. Affected users should submit their claim at https://t.co/bKfl8SK9D2 We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible. As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. Further explanation to follow.

We aim to provide the latest update on our investigation into the exploit As mentioned in our previous post, between June 21–23, 2026, a sophisticated, automated attack drained funds from multiple Cardano wallets. We now have identified and isolated the addresses of 2 attackers. We are sharing them below with the community, for full transparency. Attacker A (Waves 1 & 2) Drained 171 wallets across two automated batches. • Collection Wallet 1: addr1q9j7f598x988unr4zhjulft205jqnn9ewgwkhes5smf2sr6jsw98nm4qq38jw9epe587twavuhuhj5d8r92rjvmyjlzs9lqc3x • Collection Wallet 2: addr1q9wudkfeelzwev427yvapkmqexmet8q4vl303m7a4eerwtvt6rq00zyuqzeuw759vgqtdky0gyxnqx27n8q4k6h79yhsqelma8 • Collection Wallet 3: addr1q82jlp2u0ezv2hsf6f40fkrv49hd72yv442nmrr5qeultpqamepaykp3m564hnd4zp75wxxds2j6d3ywvc8prhf2kcxqn6nql3 • Central Fee/Change Address: addr1q8acx4h5a38x6ekpsp0x7aelw6mflt78khmz8lz75rtnqvn07w88zx2e89tgzqr3x0mecngqlg87kq9surhk48hj79mqcezfa8 • Attacker Stake Key: Stake1u9hl8rn3r9vnj45pqpcn8auuf5q05rltqzcwpmm2nme0zasf40ymg Attacker B (Wave 3) Drained 203 wallets in a separate automated sweep. • Collection Wallet (⚠️ 4,020,468 ADA linked to the exploit remains in this address, which has been flagged and is under active monitoring and investigation): •addr1q8m5wdncq7rwum73r5cyyr82qx2xjem5k4ehapl3wy36aaerj829vasl3amtcwshgvnn6a25dr850tfw6qaj420d2szsslkku6 • Attacker Stake Key: stake1uy3er4zkwc0c7a4u8gt5xfeaw42x3n6845hdqwe248k4gpgdq4da5

To provide more clarity, we have identified the nature of the incident, it is at the address level. The security risk affects wallet users when a transaction is signed. Therefore recovery to another platform or wallet does not mitigate the risk. 🚨 DO NOT restore your recovery phrase into a new Cardano wallet. We have isolated the affected wallets and will post mitigation steps shortly.

🚨 SECURITY UPDATE: Root Cause & Blast Radius Confirmed We have isolated the root cause of the recent security incident. The issue was confined to our native Cardano web wallet generation software. Our team has completed an onchain analysis to determine the scope of impact, and we are now finalizing an independent technical review with a leading blockchain security firm to validate our findings.

🚨 SECURITY UPDATE: Root Cause & Blast Radius Confirmed We have isolated the root cause of the recent security incident. The issue was confined to our native Cardano web wallet generation software. Our team has completed an onchain analysis to determine the scope of impact, and we are now finalizing an independent technical review with a leading blockchain security firm to validate our findings.