Incident Background and Initial Response
SecondFi, a wallet service provider within the Cardano ecosystem, suffered a security attack that compromised some user assets. In the latest progress update, the Cardano commercial entity EMURGO has officially set up an asset recovery fund dedicated to returning assets to affected users. Meanwhile, SecondFi's team has successfully protected a portion of assets through emergency measures, making them accessible for subsequent return.
Custody Mechanisms and Community Collaboration
To ensure safe asset returns, SecondFi is engaging in in-depth discussions with Intersect (the core governance organization of the Cardano ecosystem) regarding appropriate custody mechanisms. Both parties aim to find a solution that balances security and efficiency, avoiding secondary risks. Additionally, the team is collaborating with a Cardano community-led working group to advance the design and implementation of an on-chain recovery solution. This solution aims to fix vulnerabilities or reorganize transactions at the blockchain level, but its technical complexity far exceeds initial expectations.
Timeline Update
In its latest statement, SecondFi indicated that due to the multi-party coordination, contract auditing, and on-chain governance involved in the on-chain recovery plan, the overall process is expected to take longer than the originally estimated two weeks. No precise timeline has been provided, but the community working group is accelerating efforts. Users are advised to monitor official channels for further announcements. This incident once again highlights the importance of security audits and emergency response mechanisms for wallet service providers, especially on UTXO-based public chains like Cardano, where on-chain recovery poses significant engineering challenges.

