小賤狗

🛡️ Recovery Process Update Our team remains focused on returning assets to affected users, and we are making strong progress on a structured recovery and verification process. Two important updates today: 1. The final balance snapshot has been taken today, Friday 26 June 2026. We have been capturing regular snapshots throughout the incident response, and this final one gives us an accurate, verified record of balances to work from as we prepare recovery. 2. Timing of recovery. Behind the scenes, our engineering and security teams have worked around the clock to validate balances and evaluate recovery mechanisms. This has led to a solution where assets can begin being returned, which we estimate is around two weeks away: roughly one week to reach a working solution, then a week of testing and review. Timing may shift as the work continues but our priority is clear: a safe return of funds and getting SecondFi back online responsibly. We will resume operations once we are fully confident the platform is secure and all security reviews are complete and we are determined to get there as quickly as we safely can. For now, the only action required is to submit a support ticket at: https://t.co/bKfl8SK9D2. We appreciate your continued patience as we work through this process responsibly and will continue sharing updates as progress is made.

Reminder: Until the SecondFi incident is fully resolved, please avoid making any transactions with addresses that have interacted with SecondFi. This includes transfers, staking reward claims, unstaking, swaps, claims, approvals, or any action that requires a wallet signature. If you have used SecondFi for trading, signing, authorization, or other wallet interactions, your address may potentially be affected. The risk is not necessarily tied to the wallet app itself. Even if you switch to another wallet app, restoring the same recovery phrase may still give you the same addresses. If an affected address signs a transaction, it may trigger asset movement or expose the assets to further risk. Please wait for SecondFi to officially announce a safe migration, claim, or asset return process before taking action.

SecondFiの続報から、いろいろ具体的な内容が見えてきたようです。以下にまとめます。 👇 【原因が確定:決定論的nonce導出の欠陥】 これまで「弱いRNG/予測可能なシード」と推測されていた原因が、より正確に特定されました。問題は署名時に使われる「nonce(その都度使い捨てるべき乱数)」の導出に欠陥があったことです。 公式の説明👉アドレスがトランザクションに署名するたびに、その署名から十分な情報が漏れ、公開されているブロックチェーン上のデータだけで、そのアドレスの秘密鍵を数学的に再構築できてしまう。 これは先日のエンジン分析(署名が公開鍵を露出させ、鍵を割り出される)を、さらに精密にした形です。単に鍵が露出するだけでなく、署名のたびに漏れる情報を積み重ねると秘密鍵そのものを計算で復元できる、というのが核心です。ECDSA/EdDSA系で実際に知られている「nonce再利用・弱nonce攻撃」の一種ですね。 【特に危険なのは「最初のアドレス(index 0)」】 新しく具体化された警告です。攻撃を受けた場合、最初の(デフォルトの)アドレス=index 0は、ほぼ確実に露出している。多くのウォレットがデフォルトで使う、あるいは唯一使うアドレスで、ほぼ必ず取引履歴がある。その履歴さえあれば攻撃者が鍵を復元するのに十分だ、ということです。 つまり「過去に一度でも署名したことのあるアドレス」が危ない。署名履歴=漏洩データの蓄積、だからです。 【なぜ復元では回避できないか(改めて確定)】 鍵は復元フレーズから導かれるのであって、アプリから導かれるのではない。同じフレーズを別ウォレットに復元すれば、同一のアドレスが同一の露出状態で再生成されるだけ。危殆化しているのは「アプリ」ではなく「そのアドレスの鍵」そのもの、と明言しています。 【ステーキング報酬の引き出し・委任も危険】 ここが今回いちばん実務的に効く新情報です。報酬引き出しや委任はステーク資格(stake credential)で署名され、引き出した資金が危険なindex 0アドレスに送られる可能性がある。そして、別のウォレットを使って引き出しても同じこと。メンプールを監視する攻撃者にフロントランされ、確定時に掃かれうる。 つまり「報酬を引き出すだけ」「委任先を変えるだけ」の操作すら、危険なアドレスへの資金導線になりうる、ということです。 【つまり、今は何もできない】 コミュニティ内で善意の助言が錯綜しているが、SecondFiの公式手順が出るまで何もするな、と明言しています。そして、勝手に動くと、かえって正規のクレーム(資産返還)の検証が難しくなる、とも警告しています。これは、あなたが先ほどから取ってきた「動かずに待つ」という判断が、公式に正しいと確認された形です。

Important Security Update. As stated, we have identified the root cause of the incident. It is at the address level. The affected software signer used a deterministic nonce derivation flaw. Every time an address signed a transaction, it leaked enough information to mathematically reconstruct that address's private key from public blockchain data alone. If you were affected by the attack, your first/default address (index 0) is almost certainly exposed. It is the address that some wallets may be using by default or as the only address at all, and nearly always has transactions. That history is all an attacker needs. Please DO NOT RESTORE your recovery phrase into another Cardano wallet. This does not mitigate the security risk. Your keys are derived from your recovery phrase, not from the app. Restoring the same phrase into another wallet recreates identical addresses with identical exposure. The compromised thing is the key of the compromised address(es), not the interface you are using. If you were affected by the attack, and use any of your compromised address(es) to deposit it could be drained again. This includes withdrawing staking rewards even using another wallet. Reward withdrawal and delegation are signed with the stake credential. The withdrawn funds could be routed to your first/default address (as indicated above), which has a high chance of being compromised (wallets work differently managing it). Mempool-monitoring adversaries can front-run or sweep your assets on confirmation. There has been conflicting advice from community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. We are working to facilitate the verification process so users can claim back their assets safely. Following the above is very important, if not it makes verified claims more difficult. The only thing you should do right now is submit a ticket at https://t.co/bKfl8SK9D2 We will never DM you first or ask for your recovery phrase.

⚠️ As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. In addition, we are working to facilitate the verification process so users can claim back their assets safely so the above is very important, as it makes claims more difficult. There has been conflicting advice from different community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. The only thing you should do is submit a ticket at https://t.co/bKfl8SK9D2. We will never DM you first or ask for your recovery phrase.

UPDATE: The SecondFi hackers stole 16M $ADA from 374 addresses. The earlier mentioned 129M $ADA was RESCUED by EMURGO and will be returned to users. This is great news. They've also repeated: "Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction."

As per our previous post: https://t.co/LGhovIoI3T We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon. ----- Regarding affected wallets, 4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of ~16m ADA across 374 addresses. To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses. An external accounting firm has been engaged for a special audit to independently verify those holdings. We are working to facilitate the verification process so users can claim back their assets safely. Affected users should submit their claim at https://t.co/bKfl8SK9D2 We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible. As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. Further explanation to follow.

To anyone that is tracking the funds from the SecondFi hack: Our API might be really helpful for building custom trackers and visualization tools for the inflows / outflows of the hacker's address. Below is an example what Claude could build in just a few minutes with the API. Seems like total of 129.5M $ADA was stolen from 2593 users. Just putting it out there in case someone's looking for a data source. Hoping this could be helpful. We're sorry to all the affected users, hoping the situation gets swiftly resolved with the funds returned. Fingers crossed.