Marcel Fuentes

13 posts

Marcel Fuentes

Marcel Fuentes

@MarcelFuentes3

Katılım Mayıs 2021
1 Takip Edilen6 Takipçiler
Marcel Fuentes
Marcel Fuentes@MarcelFuentes3·
@secondfiapp I feel like it should be pretty simple for the wallets that were drained to the “recovery wallet” just have them give you a new wallet address and send back what your took. It’s all on chain and can be verfied.
English
7
0
2
689
SecondFi
SecondFi@secondfiapp·
⚠️ Important Security Update We are seeing an increase in malicious activity and impersonation attempts related to the recent incident. As a precaution, please DO NOT deposit any additional funds into your existing SecondFi wallet until further notice. To help users safely navigate next steps, we will be releasing: 1. A suitable mechanism to allow users to check whether their wallet has been affected by early next week. 2. A secure process that will allow users to safely move assets out of the platform thereafter thereafter. Please remember that NO recovery actions require user participation have begun at this stage. Wallets should remain untouched until official recovery instructions are provided. SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances. For support, please submit a ticket only through our official support channel at: support.secondfi.io Thank you to everyone for your continued patience and trust as this work continues.
English
18
29
102
29.6K
Marcel Fuentes
Marcel Fuentes@MarcelFuentes3·
@FaveBraindelay @secondfiapp I believe this is the rescue collection wallet addr1q8g8cgwqw98q2mrzrwgcy3wectdxwem8a8zp9r2mn6wjy7q4x7gcpv39wwurj7n72akw4kd0dgmv72gz4j92fvhn29ss7vuz99
English
4
0
0
92
SecondFi
SecondFi@secondfiapp·
🛡️ Recovery Process Update Our team remains focused on returning assets to affected users, and we are making strong progress on a structured recovery and verification process. Two important updates today: 1. The final balance snapshot has been taken today, Friday 26 June 2026. We have been capturing regular snapshots throughout the incident response, and this final one gives us an accurate, verified record of balances to work from as we prepare recovery. 2. Timing of recovery. Behind the scenes, our engineering and security teams have worked around the clock to validate balances and evaluate recovery mechanisms. This has led to a solution where assets can begin being returned, which we estimate is around two weeks away: roughly one week to reach a working solution, then a week of testing and review. Timing may shift as the work continues but our priority is clear: a safe return of funds and getting SecondFi back online responsibly. We will resume operations once we are fully confident the platform is secure and all security reviews are complete and we are determined to get there as quickly as we safely can. For now, the only action required is to submit a support ticket at: support.secondfi.io. We appreciate your continued patience as we work through this process responsibly and will continue sharing updates as progress is made.
English
40
48
209
21.9K
$Braindelay
$Braindelay@FaveBraindelay·
@secondfiapp The big question is, will I only get my $ada back or everything else I had? Including midnight-3:native , handles and NFTs. I know they are sitting in this white-hat wallet! addr1q8g8cgwqw98q2mrzrwgcy3wectdxwem8a8zp9r2mn6wjy7q4x7gcpv39wwurj7n72akw4kd0dgmv72gz4j92fvhn29ss7vuz99
English
11
0
10
1.3K
Marcel Fuentes
Marcel Fuentes@MarcelFuentes3·
@phil_uplc @kenerik Does this tool only work on browser extension and it will detect the second Fi extension on my Google Chrome?
English
1
0
1
65
Phil 🪏
Phil 🪏@phil_uplc·
@kenerik Check if your nonce is cooked and helps you perform migration safely to a new wallet avoiding many of the pitfalls that resulted in users attempting self-migration to cause additional funds (which were previously not compromised) to become compromised.
English
2
0
10
868
Phil 🪏
Phil 🪏@phil_uplc·
Here is a webapp I wrote to facilitate safe migration of wallets that I have been sharing with users I verified as impacted since the original incident occurred. My legal counsel finally gave approval to publish the tool publicly: is-my-cardano-safu.vercel.app You can use "Get Me Outta Here", and it will handle the corner cases that can result in loss of funds. Note that the tool is use at your own risk, it performs the safe migration handling the known edge-cases, however it doesn't guarantee comprehensiveness and there may be uncovered edge-cases that even this tool is not equipped to handle.
Quantumplation | Pi Lanningham@Quantumplation

There are obscure and rare corner cases where this can lead to further loss of funds. Some wallets will automatically withdraw staking rewards as part of the first transaction and return them to your wallet instead of sending them to the other wallet. If you panic and only send ADA, your native assets will be returned to you as change. This can move assets from somewhere that they're safe, to an address that is compromised, and expose them to further losses. The point is, if you understand all the nuance and corner cases, there is a safe way to move your funds. If you don't, and you're rushing and panicking, there are ways you can make a mistake. And that's why I'm being careful not to tell people what they *should* do, while still trying to be helpful.

English
34
77
211
30.7K
Marcel Fuentes
Marcel Fuentes@MarcelFuentes3·
@secondfiapp Kinda hard to do that when all you assets have already been drained.
English
9
0
5
332
SecondFi
SecondFi@secondfiapp·
⚠️ As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. In addition, we are working to facilitate the verification process so users can claim back their assets safely, following the above is very important, as it makes claims more difficult. There has been conflicting advice from different community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. The only thing you should do is submit a ticket at support.secondfi.io. We will never DM you first or ask for your recovery phrase.
English
40
15
75
14.1K
Unknown Artist
Unknown Artist@VvPaint·
@secondfiapp thank you for your clarification , so , this means this address : stake1uy2n0yvqkgjh8wpe0fl9wm82mxhk5dk09yp2ez4ykte4zcgg2e9m5 is not from hackers and my assets are safe with you ?
English
5
0
2
839
SecondFi
SecondFi@secondfiapp·
We aim to provide the latest update on our investigation into the exploit As mentioned in our previous post, between June 21–23, 2026, a sophisticated, automated attack drained funds from multiple Cardano wallets. We now have identified and isolated the addresses of 2 attackers. We are sharing them below with the community, for full transparency. Attacker A (Waves 1 & 2) Drained 171 wallets across two automated batches. • Collection Wallet 1: addr1q9j7f598x988unr4zhjulft205jqnn9ewgwkhes5smf2sr6jsw98nm4qq38jw9epe587twavuhuhj5d8r92rjvmyjlzs9lqc3x • Collection Wallet 2: addr1q9wudkfeelzwev427yvapkmqexmet8q4vl303m7a4eerwtvt6rq00zyuqzeuw759vgqtdky0gyxnqx27n8q4k6h79yhsqelma8 • Collection Wallet 3: addr1q82jlp2u0ezv2hsf6f40fkrv49hd72yv442nmrr5qeultpqamepaykp3m564hnd4zp75wxxds2j6d3ywvc8prhf2kcxqn6nql3 • Central Fee/Change Address: addr1q8acx4h5a38x6ekpsp0x7aelw6mflt78khmz8lz75rtnqvn07w88zx2e89tgzqr3x0mecngqlg87kq9surhk48hj79mqcezfa8 • Attacker Stake Key: Stake1u9hl8rn3r9vnj45pqpcn8auuf5q05rltqzcwpmm2nme0zasf40ymg Attacker B (Wave 3) Drained 203 wallets in a separate automated sweep. • Collection Wallet (⚠️ 4,020,468 ADA linked to the exploit remains in this address, which has been flagged and is under active monitoring and investigation): •addr1q8m5wdncq7rwum73r5cyyr82qx2xjem5k4ehapl3wy36aaerj829vasl3amtcwshgvnn6a25dr850tfw6qaj420d2szsslkku6 • Attacker Stake Key: stake1uy3er4zkwc0c7a4u8gt5xfeaw42x3n6845hdqwe248k4gpgdq4da5
English
40
42
151
35K
Kyle Latham
Kyle Latham@KyleLat96663222·
@secondfiapp So what is this address then its listed as exploiter but not of list above.
Kyle Latham tweet media
English
15
0
5
1K
Erick Cisneros
Erick Cisneros@ecisnerosdev·
The wallet that took all of my ADA still has a large balance. I don’t understand how you can say that most of the ADA has already been recovered. Address: addr1q8g8cgwqw98q2mrzrwgcy3wectdxwem8a8zp9r2mn6wjy7q4x7gcpv39wwurj7n72akw4kd0dgmv72gz4j92fvhn29ss7vuz99
Erick Cisneros tweet media
English
25
6
30
4.8K
Angry Crypto Show
Angry Crypto Show@angrycryptoshow·
UPDATE: Midnight Foundation CTO says "very good news for everybody affected. The majority of funds were a white hack, so they can be returned via an official support ticket, careful for scammers! Over 129M $ADA continues to be routed to an independent custodian, held securely."
Angry Crypto Show tweet media
English
3
5
38
3.2K
Marcel Fuentes
Marcel Fuentes@MarcelFuentes3·
@adaorca1 Ya I’ve have my Ada on yoroi for years and have even deleted every app on my phone and only kept my seed phrase in my house and now this happens. It’s something about that second fi update. It was probably a setup. Ughh I should have sold all my ada during the last trump pump.
English
1
0
2
386
ADA Orca
ADA Orca@adaorca1·
Nearly criminal activity
ADA Orca tweet media
English
12
6
73
10.8K
Marcel Fuentes
Marcel Fuentes@MarcelFuentes3·
@bigpey Ya it’s too late for that when the hack happened when you were alseep.
English
0
0
0
88
BBHMM | ☔️ | ADA | WMTx | Apex Fusion | Midnight
Let me get this straight @emurgo_io You create a wallet and call it @YoroiWallet It barely works but the parts that do work it essentially pushes delegation to go to your stake pools and DReps. Your pool keys get compromised, spin up new pools, and still have multiple millions staked to old pools doing nothing. Taking decentralization the wrong direction. Then you change your wallet to @secondfiapp . Within a month your new wallet, has the biggest compromises on the Cardano ecosystem. What exactly are you doing to this ecosystem? What is wrong with you? You are nothing but a greedy threat.
English
14
17
150
5.8K
Ryan
Ryan@yeck_ryan·
Hi! @secondfiapp @emurgo_io should we holders be sending in transaction data to the support team or sharing / engaging the FBI at This time? Communication a bit weak for affected investors.
English
9
3
39
3.3K