Woofun AI reports that EMURGO, the founding body behind Cardano and operator of SecondFi, has released a recovery plan after a hack drained approximately 16 million ADA from 374 wallets between June 21 and June 22. The breach exploited a vulnerability in SecondFi's proprietary wallet generation software, enabling attackers to reconstruct private keys from public blockchain data immediately after users signed transactions. Although EMURGO estimates confirmed losses at $2.4 million, security experts indicate total exposure could climb to $20 million when factoring in other assets. As an emergency measure during the incident, 129 million ADA was transferred to a third-party holding company to secure the remaining funds.

EMURGO CEO Phillip Pon stated that the full recovery process is projected to take roughly two weeks, with the first week dedicated to building a recovery tool and the second reserved for rigorous testing and security checks. A snapshot of wallet balances has been locked to serve as the definitive basis for reimbursement. Users are explicitly advised against moving funds or restoring recovery phrases to other wallets, as such actions could complicate the restoration process.

Cardano founder Charles Hoskinson clarified that the Cardano blockchain protocol, node infrastructure, and cryptographic architecture remained uncompromised, isolating the issue strictly to the SecondFi application. Hoskinson noted the team is experimenting with a recovery smart contract model utilizing zero-knowledge proofs to verify ownership and distribute funds securely.

Woofun AI data shows the scope of the incident remains contained to the application layer rather than the underlying network.

EMURGO has issued warnings regarding emerging impersonation scams and emphasized that the organization will never request private keys, seed phrases, or wallet access from users. Affected individuals are directed to the official support portal to submit claims. This incident marks a significant operational challenge for the Cardano ecosystem's application layer despite the core protocol's resilience.