SecondFi has identified the root cause of the recent exploit that targeted a large number of Cardano wallets. It warned affected users not to restore their recovery phrases into another wallet, because the compromise occurs at the private key level rather than in the wallet application itself.
In an investigation update published on June 25, the Cardano wallet provider said the attack stemmed from a deterministic nonce derivation flaw in its software signer. This allowed attackers to mathematically reconstruct private keys from publicly available blockchain data after affected addresses signed transactions.
The findings come days after the exploit drained roughly 16 million ADA, worth about $2.4 million. It affected 374 wallets across 4 separate wallet-draining events.
SecondFi says signing flaw exposed private keys
According to SecondFi, the vulnerability existed at the address level. This means compromised keys remain exposed even if users import the same recovery phrase into another Cardano wallet.
The company said each transaction signed by an affected address leaked enough information for attackers to derive that address’s private key from on-chain data.
As a result, SecondFi urged affected users not to migrate their recovery phrases to another wallet or attempt to move funds independently. It warned that compromised addresses could be drained again.
It also cautioned against withdrawing staking rewards, as such transactions could expose funds to attackers monitoring the mempool.
Instead, the wallet provider advised affected users to await its official recovery process while submitting claims through its support portal.
Recovery effort enters next phase
SecondFi said it has completed mapping all wallets affected during the initial exploit and has begun the next stage of its recovery program.
The company confirmed that 374 wallet addresses were impacted, with roughly 16 million ADA compromised. It added that emergency containment efforts have already secured around 129 million ADA, which is being held pending recovery operations.
SecondFi has also established a dedicated recovery fund to reimburse affected users and engaged several external security firms to audit its systems before resuming normal operations.
The platform remains in maintenance mode while independent security reviews continue.
Investigators identify two attacker groups
As part of its latest update, SecondFi said it had identified and isolated the blockchain addresses associated with two attackers responsible for the automated wallet-draining campaigns between June 21 and 23.
According to the investigation, one attacker drained 171 wallets across two waves. At the same time, a second actor compromised 203 wallets during a separate sweep.
The company also disclosed that roughly 4.02 million ADA linked to the exploit remains in a single identified collection wallet. The wallet has been flagged and remains under active monitoring.
Final Summary
- SecondFi traced the Cardano wallet exploit to a deterministic nonce-derivation flaw that enabled attackers to reconstruct private keys from public blockchain data.
- The company has launched a recovery program, identified two attacker groups, and warned affected users not to restore compromised recovery phrases into other wallets.












