How an attacker drained a Cardano DeFi project of more than 129 million ADA
The funds were not taken with a stolen password or a phishing link. They were taken because the keys that secured them were never truly secret — a defect in SecondFi's own wallet-generation code. We reconstructed the theft transaction by transaction.
Search the full drain ledger
Transaction-level records for all 3,072 victim wallets — amounts, timestamps, collectors, and wave. Filter or search the sheet for your address.
In the small hours of June 21, a string of long-dormant Cardano wallets, some untouched since the network's earliest days in 2020, began to empty one after another into addresses their owners had never seen. By the time the draining stopped two days later, more than 129 million ADA and thousands of other tokens had been swept out of 3,072 wallets belonging to users of SecondFi, a decentralized-finance project built on the Cardano blockchain.
The losses, which the project's users say exceed $20 million, bear none of the hallmarks of individual phishing or stolen passwords. The on-chain pattern points the other way: a single operator already held the private keys to thousands of wallets, including some dormant since 2020, and emptied them on command. How those keys came to be exposed is the question at the center of the case.
SecondFi has said the breach traces to a defect in its own wallet-generation software, the code that creates the cryptographic keys a user signs transactions with. In a public notice, the project warned customers that the danger lives at the level of the wallet's address itself, and that moving funds to a new wallet does not make them safe.
Do not restore your recovery phrase into a new Cardano wallet.
— SecondFi, public breach notice
It is an unusually stark instruction, and it points to the core of the problem: if the keys were generated in a predictable or recoverable way, then whoever holds the flaw holds the wallet, no matter where the seed phrase is typed next.
Cos, the founder of the blockchain security firm SlowMist who also goes by Yu Xian, was among the first to flag the attacker's addresses publicly. Reviewing the fund flows, he estimated that real user losses "could theoretically exceed $20 million," involving "more than 129 million ADA and other tokens." A review of Cardano's on-chain records bears out the scale of his estimate almost to the coin.
01 — Two waves, one operator
The first wave began at 8:29 p.m. UTC on June 21, when three collection wallets sprang to life in the same second and started pulling in funds. They drained roughly 12 million ADA directly from about 198 wallets, along with hundreds of different tokens, then fed the haul into Minswap V2, the pool contract of Cardano's largest decentralized exchange, and swapped the stolen tokens into ADA. That fits the complaints from users that even their lending balances were emptied. The wallets recycled the same coins through Minswap so many times that their raw turnover swells past a billion ADA, far beyond the actual theft. When the swapping stops, the proceeds gather in no single wallet. They scatter across Minswap and at least one other exchange contract, where the attacker's coins dissolve into ordinary trading. The first wave leaves no vault to point at.
One of those early victims described the experience plainly. The blockchain confirms it: at 8:31 p.m. UTC on June 21, which was 5:31 the next morning in their own time zone, exactly 38,421.556 ADA left their wallet in a single transaction and landed in one of the attacker's collectors.
The second wave was larger and more direct. Starting before dawn on June 23, a hub wallet pulled in roughly 135 million ADA by sweeping nearly 2,900 wallets one transaction at a time. Among them were whales whose wallets dated to July and August of 2020, holders who had done nothing more provocative than leave their coins where they sat. Within hours, the hub forwarded 129,430,001 ADA in seven transactions into a single vault wallet, opening with a one-ADA test transfer before sending two blocks of 60 million each. That vault has not moved a coin since. The attacker kept the stolen tokens, more than 3,800 of them, including roughly 20 million NIGHT and 263 million SNEK, in the hub and never sold.
First wave: collectors → Minswap → scattered
Second wave: hub → one sealed vault
A small but telling thread ties the two waves together. Each draining transaction needed a few ADA of its own to pay network fees, and that gas was supplied, again and again, by a single funding wallet — about seven ADA at a time, across more than 400 transactions spanning both days. That wallet was itself bankrolled by an older, high-throughput "treasury" address. The shared plumbing, the identical method, and the back-to-back timing all point to one operator. In all, the two waves emptied 3,072 wallets: 198 in the first, 2,874 in the second.
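The shared-funder check described above can be sketched as follows. This is an added example, not code from the original analysis; the transaction layout, the placeholder addresses and the `max_share` and `min_victims` thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

LOVELACE = 1_000_000  # 1 ADA = 1,000,000 lovelace

# Constructed sample (placeholder names, not real on-chain data). Each
# transaction lists inputs and outputs as (address, lovelace) pairs.
def _drain(victim, ada, sink, extra=()):
    inputs = [(victim, ada * LOVELACE), ("funder_x", 7 * LOVELACE), *extra]
    return {"inputs": inputs, "outputs": [(sink, ada * LOVELACE)]}

SAMPLE_TXS = [
    _drain("victim_a", 38_421, "collector_1"),
    _drain("victim_b", 900, "collector_2"),
    _drain("victim_c", 5_410_000, "hub"),
    # victim_d spends from two of its own addresses: a one-off small co-input
    _drain("victim_d", 12_000, "hub", extra=[("victim_d_alt", 5 * LOVELACE)]),
    # unrelated payment that never touches an attacker sink
    {"inputs": [("user_z", 50 * LOVELACE), ("user_z_alt", 1 * LOVELACE)],
     "outputs": [("exchange", 50 * LOVELACE)]},
]

def shared_fee_funders(txs, sinks, max_share=0.01, min_victims=3):
    """Rank addresses that appear as small co-inputs in drains into `sinks`
    across at least `min_victims` distinct victim wallets."""
    seen = defaultdict(lambda: {"txs": 0, "victims": set(), "lovelace": 0})
    for tx in txs:
        if not any(addr in sinks for addr, _ in tx["outputs"]):
            continue  # not a drain into a known collector or hub
        by_addr = defaultdict(int)
        for addr, value in tx["inputs"]:
            by_addr[addr] += value
        total = sum(by_addr.values())
        if len(by_addr) < 2 or total == 0:
            continue
        victim = max(by_addr, key=by_addr.get)  # largest input = drained wallet
        for addr, value in by_addr.items():
            if addr != victim and value / total <= max_share:
                seen[addr]["txs"] += 1
                seen[addr]["victims"].add(victim)
                seen[addr]["lovelace"] += value
    ranked = [(addr, s["txs"], len(s["victims"]), s["lovelace"] / s["txs"] / LOVELACE)
              for addr, s in seen.items() if len(s["victims"]) >= min_victims]
    return sorted(ranked, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in shared_fee_funders(SAMPLE_TXS, {"collector_1", "collector_2", "hub"}):
        print("address=%s txs=%d victims=%d avg_ada=%.2f" % row)
```

The `min_victims` filter is what separates a recurring funder from a victim who happens to spend from two of their own addresses in one transaction.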
02 — Recovery: What can still be recovered, and what cannot
The 129.4 million ADA in the dormant vault is, for now, frozen in plain sight. It has sat untouched since midday on June 23, and because it has not reached an exchange, it remains a candidate for recovery if the funds ever move somewhere that can act on them. The thousands of tokens still parked in the hub wallet are likewise visible and unsold. Together they are the bulk of the headline loss, and the best hope for victims.
At roughly $0.15 per ADA, the price implied by the holdings of Cardano's largest liquidity pool, the dormant vault is worth about $19 million, close to the "$20 million" figure that has circulated publicly. An early reading of the raw collector balances suggested the haul ran far higher, toward 99 million ADA in the first wave alone. That figure turned out to be an artifact of churn. The first-wave wallets cycled the same coins through Minswap more than a dozen times, inflating their apparent throughput. Stripped of the churn, the first wave's direct theft was on the order of 12 million ADA plus tokens. The recoverable core of the attack is the second wave's 129 million ADA, sitting still in the vault.
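The churn artifact is easy to reproduce on a toy ledger. The sketch below is an added example, not the tooling used for this review; it assumes a simplified transaction layout, placeholder addresses and constructed amounts, and it separates raw turnover from value that arrived directly from non-attacker, non-DEX inputs.

```python
LOVELACE = 1_000_000  # 1 ADA = 1,000,000 lovelace

ATTACKER = {"collector_1"}   # placeholder attacker-controlled address
DEX = {"dex_pool"}           # placeholder exchange contract address

# Constructed sample (not real on-chain data): two victim drains, one
# self-transfer, then the same coins cycled through a DEX pool three times.
SAMPLE_TXS = [
    {"inputs": [("victim_a", 1_000 * LOVELACE)],
     "outputs": [("collector_1", 1_000 * LOVELACE)]},
    {"inputs": [("victim_b", 500 * LOVELACE)],
     "outputs": [("collector_1", 500 * LOVELACE)]},
    {"inputs": [("collector_1", 200 * LOVELACE)],
     "outputs": [("collector_1", 200 * LOVELACE)]},
]
for _ in range(3):
    SAMPLE_TXS.append({"inputs": [("collector_1", 1_400 * LOVELACE)],
                       "outputs": [("dex_pool", 1_400 * LOVELACE)]})
    SAMPLE_TXS.append({"inputs": [("dex_pool", 1_390 * LOVELACE)],
                       "outputs": [("collector_1", 1_390 * LOVELACE)]})

def inflow_breakdown(txs, attacker, dex):
    """Return (gross_ada, direct_ada): raw inflow to attacker addresses, and
    the part of it that did not come back from a DEX or from the attacker."""
    gross = direct = 0
    for tx in txs:
        received = sum(v for a, v in tx["outputs"] if a in attacker)
        if received == 0:
            continue
        gross += received
        if any(a in dex for a, _ in tx["inputs"]):
            continue  # swap proceeds: recycled coins, not new theft
        own = sum(v for a, v in tx["inputs"] if a in attacker)
        direct += max(received - own, 0)  # discount change and self-transfers
    return gross / LOVELACE, direct / LOVELACE

if __name__ == "__main__":
    gross, direct = inflow_breakdown(SAMPLE_TXS, ATTACKER, DEX)
    print(f"gross turnover: {gross:,.0f} ADA, direct theft: {direct:,.0f} ADA")
```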
The first wave's roughly 12 million ADA and its stolen tokens are the harder case, and the likelier lost. The attacker did not park them. It liquidated them through Minswap and at least one other decentralized exchange, where they mixed into ordinary volume. There is no first-wave vault to freeze, only a trail that fragments across DeFi contracts, recoverable, if at all, through painstaking order-by-order analysis.
A few caveats temper the precision. ADA's dollar value is pinned here to roughly fifteen cents, the rate implied by Cardano's largest liquidity pool on the day of writing, and that number moves. The tokens are rougher still, because the on-chain dictionary that names them misreports the decimal places for at least one major asset, so their dollar worth is an estimate rather than a count. The first wave's size is bounded from below rather than fixed: about 12 million ADA passed directly from victims into the attacker's hands, but the value of the tokens swept alongside it, then sold off through the exchanges, resists a clean tally. And one wallet said to still hold roughly 4 million ADA comes from a community analyst's accounting that this review did not independently reproduce.
For SecondFi's users, the most urgent guidance is also the most counterintuitive. Because the vulnerability lives in how their keys were made, the usual reflex — moving everything to a fresh wallet — offers no protection. The project says it has isolated the affected wallets and promised mitigation steps. Until those arrive, the safest wallet for an affected user may be no new wallet at all.
03 — The ledger: By the numbers
| Metric | Value |
|---|---|
| Total drained from SecondFi users | ~141.9M ADA across both waves, plus 3,838 token types |
| Victim wallets drained | 3,072 total — 198 first wave + 2,874 second wave |
| Second-wave vault (dormant) | 129,430,001 ADA — about $19.4M at $0.15/ADA |
| First-wave direct theft | about 12.3M ADA from 198 base wallets, since dispersed |
| Tokens held in the hub | 3,838 types, incl. ~20M NIGHT and ~263M SNEK |
| Attack window (UTC) | 2026-06-21 20:29 → 2026-06-23 12:20 |
| Collectors launched | 2026-06-21 20:29:41 — all three in the same second |
| Hub-to-vault transfers | 7 transactions, including two of 60,000,000 ADA |
| Fee-funding wallet | about 7 ADA per tx, across 406 transactions |
| ADA reference price | about $0.15, implied by Cardano's largest liquidity pool |
04 — The map: On-chain addresses
Tagged from on-chain analysis. Payment addresses and transactions link to Bitquery Explorer; stake accounts link to AdaStat.
| Role | Address / stake account |
|---|---|
| Attacker — hub & token vault A1 | addr1q8g8cgw…vuz99 |
| Attacker — dormant ADA vault A2 | addr1qxd39k4…wxpl3 |
| Attacker — collector 1 stake | 52838a79…6497c5 |
| Attacker — collector 2 stake | 1dde43d2…2ab60c |
| Attacker — collector 3 stake | 8bd0c0f7…6afe292f |
| Attacker — fee / gas funder | addr1q8acx4h5…cezfa8 |
| Funding source "treasury" · unconfirmed | addr1v8wfpcg4…s6g07rfjm |
| Minswap V2 pool · a DEX — NOT attacker-owned | addr1z84q0denmye…777e2a |
05 — The receipts: Key transactions
| Transaction | What it shows |
|---|---|
| 16f81996…08814 | The reported 38,421.556 ADA victim drain, with the fee-funder as a co-input |
| c9556fbe…acf5a0 | The single largest second-wave sweep — 5.41M ADA into the hub |
| fab61e24…098d93 | First 60,000,000 ADA block, hub to vault |
| c5aceba0…651d71 | Second 60,000,000 ADA block, hub to vault |
Reconstructed through Bitquery
Address profiling, directional fund-flow mapping, time-windowed sweep ranking, DEX-swap churn stripping, and shared-counterparty (gas funder) detection — all against indexed Cardano transfer data. The same public ledger the attacker moved across in the open.
06 — Sources: Sources and further reading
| Source | Reference |
|---|---|
| SlowMist · Cos (Yu Xian) | First flagged the attacker addresses — x.com/evilcos |
| SecondFi | Affected project's public notice — x.com/secondfiapp |
| Minswap | The DEX the first wave routed through — minswap.org |
| Block explorers | Bitquery Explorer · AdaStat · Cardanoscan |
| Victim transaction sheet | Google Sheets — 3,072 wallets, transaction by transaction |
This account is based on a transaction-level analysis of Cardano on-chain data and on public statements by SecondFi and by SlowMist's Cos (Yu Xian). It is provided for informational and educational purposes only and does not constitute legal, financial, compliance, or investment advice.
First-wave ADA figures are stated net of decentralized-exchange swap churn, which inflates raw on-chain turnover several times over; token valuations are approximate and depend on per-token decimal precision that remains to be verified. ADA is valued at about $0.15, the rate implied by Cardano's largest liquidity pool at the time of writing. One wallet said to still hold roughly 4 million ADA comes from a community analyst's accounting that this review did not independently reproduce.
Blockchain addresses are pseudonymous, and the presence of a transaction between two addresses does not by itself establish the identity, intent, or knowledge of any party. Attacker, victim, and infrastructure attributions are based on on-chain behavioral analysis and third-party sources, may be incomplete or contain errors, and may change as additional data becomes available. References to Minswap and other named services describe transaction flows observed on-chain and are not assertions of wrongdoing by those entities. All trademarks and company names are the property of their respective owners.