🚨 We recognize that some users may not have completed all steps in the Hardware Wallet Guidance posted in our knowledge base. If you are not technically proficient, we recommend you reach us via DM @secondfiappOT with more details on your query.
https://t.co/rue6IV2bOC
Hello there @TobJa013 In this case you can access your funds through an extension on the ICx, send us a message via DM @secondfiappOT and we would be able to assist further.
Best regards.
Hello there @Jorish27 You can only claim with an extension on the ICx, send us a message via DM @secondfiappOT and we would be able to provide further assistance.
Hey there @NoobOnTour024 Do not use the recovery method, you need to use an extension to access the Dapps, send us a message @secondfiappOT and we would be able to assist further.
Best regards,
SecondFiapp Team.
Hello Cesar @Ceezlok You need to use an extension on the ICx, send us a message via DM @secondfiappOT and we would be able to provide step by step instructions.
@secondfiapp@emurgo_io I can now access one of my wallets. I can see that 7,537.9704 ADA is missing, and only 5,860.2535 ADA and 26,960.177 NIGHT remain in this wallet. My second wallet, which also contains ADA and NIGHT, is still inaccessible. Please investigate and help me recover my assets. Thanks
Hello there @73trinhh We sincerely apologise for the inconvenience you’re experiencing on our platform, send us a message via DM @secondfiappOT and more details on the transaction and we would be able to help.
@emurgo_io Tất cả tài sản ada và night của tôi nằm ở ví secondFi hết và số lượng night chưa dêdn lúc claim thì làm sao. Vì lượng night của tôi rất nhiều.
Hello Michael @TolmanMichaels We invite you to reach us via DM @secondfiappOT for more detailed information concerning the whole recovery and we would be able to assist further.
Best regards.
Hey cali @Calihotshotirl Have you been able to access your funds with en extension DEX ? send us a message @secondfiappOT and we would be able to assist further.
Recovery Fund Address
Our commitment remains unequivocal: to support the return of assets to all affected wallet holders from the 4 distinct wallet draining events which we intend to return in their in their original form. Three of these events were executed by external threat actors resulting in a loss of ~16M ADA.
To return these assets to the victims of the attack, EMURGO has set up a recovery fund address. You can find it here:
addr1qyvvn9e9ulvzw2nvgkwraxwrla4a28l7gmduk7jru2rw9kdxkls8aczwgg8u44nj87uaq50rgcjulcxtzv9q8j0g2lss9kv2ss
Assets secured through our emergency rescue response, including those from the fourth event, are currently protected and accessible. These will form part of the recovery effort to return assets to affected users.
Important Security Reminder
SecondFi will NEVER request private keys, recovery phrases, or wallet credentials, and we will never DM you first.
Do not trust any checker, link, or account outside our official channels:
▪️ X accounts: @secondfiapp and @secondfi_jp
▪️ Support portal: https://t.co/bKfl8SK9D2
▪️ Asset recovery wallet checker: https://t.co/EGLOj6iKDl
Important Security Update.
As stated, we have identified the root cause of the incident. It is at the address level.
The affected software signer used a deterministic nonce derivation flaw. Every time an address signed a transaction, it leaked enough information to mathematically reconstruct that address's private key from public blockchain data alone.
If you were affected by the attack, your first/default address (index 0) is almost certainly exposed. It is the address that some wallets may be using by default or as the only address at all, and nearly always has transactions. That history is all an attacker needs.
Please DO NOT RESTORE your recovery phrase into another Cardano wallet. This does not mitigate the security risk.
Your keys are derived from your recovery phrase, not from the app. Restoring the same phrase into another wallet recreates identical addresses with identical exposure. The compromised thing is the key of the compromised address(es), not the interface you are using.
If you were affected by the attack, and use any of your compromised address(es) to deposit it could be drained again. This includes withdrawing staking rewards even using another wallet.
Reward withdrawal and delegation are signed with the stake credential. The withdrawn funds could be routed to your first/default address (as indicated above), which has a high chance of being compromised (wallets work differently managing it). Mempool-monitoring adversaries can front-run or sweep your assets on confirmation.
There has been conflicting advice from community members in an attempt to be helpful. Do nothing until official steps come from SecondFi.
We are working to facilitate the verification process so users can claim back their assets safely. Following the above is very important, if not it makes verified claims more difficult.
The only thing you should do right now is submit a ticket at https://t.co/bKfl8SK9D2
We will never DM you first or ask for your recovery phrase.
As per our previous post:
https://t.co/LGhovIoI3T
We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon.
-----
Regarding affected wallets, 4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of ~16m ADA across 374 addresses.
To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses.
An external accounting firm has been engaged for a special audit to independently verify those holdings.
We are working to facilitate the verification process so users can claim back their assets safely. Affected users should submit their claim at https://t.co/bKfl8SK9D2
We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible.
As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction.
Further explanation to follow.
There has been conflicting advice from different community members in an attempt to be helpful.
⚠️ DO NOT RESTORE your recovery phrase into a new Cardano wallet.
As advised, do nothing until official steps come from SecondFi. The only thing you should do is submit a ticket at https://t.co/bKfl8SK9D2.
We will never DM you first or ask for your recovery phrase.
By collaborating with these ecosystem leaders, we are monitoring exchange touchpoints, and minimizing the impact on other protocols.
Cardano stands together. We are grateful for the support of the ecosystem and will continue to provide updates as our investigation and recovery efforts progress.
⚠️ What You Need to Know Right Now:
While SecondFi is in maintenance, you will not be able to undertake transactions.
Beware of Scammers: We are seeing an immediate surge in fake "support" accounts and impersonators.
Official Channels Only: SecondFi team members will NEVER DM you first, ask for your seed phrase, or request fund transfers.
All official support is handled strictly through logged tickets at https://t.co/C5s1yFPlq1.
Thank you for your patience and we will provide regular updates as we make progress.
Self-custody puts you in control of your funds.
It also means the safety part is on you.
Worth running through the basics:
▪️ Your recovery phrase stays with you. Nobody needs it, including us. Anyone who asks for it is trying to drain you.
▪️ You approve every transaction yourself, so actually read it first. Wrong amount, or an address you don't recognize? Don't sign.
▪️ Onchain, there's no undo button. The few seconds you spend checking the address are the only protection you get.
Need help? One portal: https://t.co/C5s1yFPlq1. There is no support on X. Anyone in your replies or DMs offering to recover your funds is running a scam.