EMURGO, one of the founding organizations of the Cardano blockchain, announced that it has defined a plan to recover the resources lost in the attack that hit the SecondFi wallet. According to the company, the expectation is to complete the fund return process in approximately two weeks, after finalizing the development and testing of the recovery mechanism.
The statement was released by EMURGO CEO Phillip Pon, who reported that the forensic investigation has already been completed. The company said it had validated the balances of the affected wallets and identified what it described as "a clear recovery solution".
According to the presented timeline, the first week will be dedicated to developing the tool responsible for recovering the assets. Next, the solution will go through a testing phase before users can begin receiving the corresponding amounts.
The company also instructed affected customers not to move the funds present in the compromised wallets or carry out any procedure that is not part of SecondFi's official instructions. According to EMURGO, the entire process was structured considering the current state of the wallets affected by the incident.
Phillip Pon also reinforced that no step requiring user participation has been initiated. He warned that SecondFi will never request private keys, seed phrases, or any other wallet access data during the recovery process.
The announcement represents the first time the company has presented a concrete timeline for reimbursing users. Even so, technical details about the return mechanism and the methodology for calculating the amounts each customer should receive have not yet been disclosed.
Attack affected 374 wallets
According to information from the company, the vulnerability was exploited between June 21 and 23. Three external attacks resulted in the diversion of approximately 16 million ADA, valued at around US$2.4 million at the time, distributed across 374 addresses.
In addition to these movements, SecondFi reported that it carried out a preventive transfer of approximately 129 million ADA to an independent third-party custodian. The measure aimed to prevent further losses while the investigation was underway.
The company also identified two digital wallets used by the attackers. One of them was allegedly responsible for draining 171 wallets, while the second affected another 203. Around 4 million ADA linked to the attack remain at an address monitored by the responsible teams, and the case has already been reported to the authorities.
Report points to possible origin of the vulnerability
SecondFi attributed the problem to a flaw in its wallet generation software, which allegedly allowed the exposure of private keys during transaction signing. According to the company, restoring a recovery phrase in another wallet does not eliminate the risk when the compromised address continues to be used.
An independent technical analysis released by Tibane Labs provided a more detailed explanation. The report indicates that the vulnerability was not related to nonce reuse, but rather to an error in the Ed25519 signature implementation.
According to the researchers, an experimental SDK called trantor, made available on npm by an independent developer, had allegedly been incorporated in place of the previously audited version used by EMURGO. As a result, information that should have remained secret became reconstructible from a single signature recorded on the blockchain.
Tibane Labs also stated that the library used remained secure, but that the implementation adopted by the wallet left an essential parameter undefined, allowing private keys to be recovered from public signatures.
So far, EMURGO has neither published a detailed technical analysis of the incident nor officially commented on the conclusions presented by the independent report. Security researcher Taylor Monahan also stated this week that SecondFi "developed its own cryptography" and that the software was closed-source and unaudited.
Tibane Labs' analysis indicates that only signatures made from June 8 onward were allegedly exposed, while transactions signed before that date remained protected by the previously audited implementation.

