@secondfiapp Hi
I didn't know I shouldn't delete the wallet. And I deleted it out of fear for the safety of my other accounts.
Please make the recovery process so that the wallet is not needed
Thank you.
🛡 Recovery Process Update
Your assets remain safe. Our team's full focus is on recovery. Here is where things stand today:
How do I check if my wallet is affected?
The asset recovery wallet checker is now live: checker.secondfi.io
This is the only official checker, hosted on our secondfi.io domain and shared only through @secondfiapp / @secondfi_jp. It is prepared on a best-efforts basis. It will never ask you to sign a transaction. Any tool that does is a scam.
This is phase one. In phase two, the checker will show whether your wallet has been affected, alongside an air-gapped transfer option to move assets securely.
I am not affected, what are my options?
If you wish to migrate, we recommend moving your assets to a newly created wallet using a hardware wallet only. We will release clear, step-by-step migration instructions to guide you through this.
I am affected, what do I do?
We are working on an onchain recovery tool. For now, submit a ticket at support.secondfi.io and keep your app and seed phrase safe. Recovery instructions will only be released once the Intersect Security Council has completed its review.
How do I recover my assets?
Our teams are working with the smartest minds in Cardano, who have dropped everything to work on this incident, to develop an onchain claims portal. Which is now in preview mode and will be released soon.
Understanding what happened
Several auditors and independent experts are analysing onchain activity and validating our findings. Reports are coming, and we intend to share relevant reports once finalised. We cannot share findings before then, as doing so may cause further issues.
How do I make a claim?
If you want to make a claim, submit your ticket at support.secondfi.io.
Please remember:
DO
- Keep the SecondFi app installed
- Keep your seed phrase safe
- Use only checker.secondfi.io to check your wallet
- Submit a ticket at support.secondfi.io
DON'T
- Delete the SecondFi app
- Share private keys, recovery phrases, or wallet credentials with anyone
- Trust any checker, link, or account outside our official channels
- Act on messages telling you to move assets or submit wallet information
SecondFi will NEVER request private keys, recovery phrases, or wallet credentials. No recovery actions requiring user participation have begun. @secondfiapp / @secondfi_jp remains the official channel for all updates.
@secondfiapp@emurgo_io I had 4 wallets in the secondfi app and when I saw that 2 of them were stolen after the hack, I removed the software from my phone so that maybe the other 2 wallets would be safe. Now I have seen in your new announcement that you have said that you should not delete your wallet
🛡 Recovery Process Update
Today, we want to share an update across three areas:
⚙️ Returning user assets
⚙️ Moving user assets safely
⚙️ Onchain recovery
1. Returning User Assets
- Drained by the attackers: @emurgo_io has funded an Asset Recovery Wallet specifically to return assets to users whose wallets were compromised in the attack.
- Secured through our emergency rescue response: These assets are currently protected and accessible. We are in discussion with @IntersectMBO on the appropriate custody mechanism to ensure they are held securely and returned to users.
2. Moving Your Assets
Our initial guidance was to stay put which was a deliberate step while we worked to fully understand the attack vector and avoid exposing users to further risk. Following active discussions with the Intersect Security Council, should you decide to move your assets, we recommend creating a new wallet using a hardware wallet only. A hardware wallet is the most secure option available.
Important: However, users should NOT delete the SecondFi app under any circumstances. We strongly advise users to retain BOTH the app and their seed phrase, as they will be required to support the asset recovery process currently underway.
3. Onchain Recovery
Our team is actively progressing an on-chain recovery solution designed to support the secure return of user assets. Extensive technical assessment has identified this as the most secure and efficient recovery pathway currently available.
We are now working closely with a Cardano community-led task force to develop, validate and execute this solution securely.
This process is more complex than originally anticipated and may require additional time beyond our previously estimated 2-week timeline.
We will continue providing updates as progress continues.
Important Security Reminder:
SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances. We will never DM you first.
Any message instructing you to move assets or submit wallet information outside of our verified official channels should be treated as fraudulent. Our official channels are our verified SecondFi X account and support.secondfi.io.
For support, please submit a ticket only through our official support channel at: support.secondfi.io
Thank you for your continued trust as this work continues.
@secondfiapp I had 4 wallets in the secondfi app and when I saw that 2 of them were stolen after the hack, I removed the software from my phone so that maybe the other 2 wallets would be safe. Now I have seen in your new announcement that you have said that you should not delete your wallet
🛡 Recovery Process Status
The team remains on track against the estimated 2-week recovery timeline, with substantial progress continuing as engineering teams work through multiple technical approaches in parallel to determine the most secure recovery solution for affected users.
What Comes Next:
To help users safely prepare for the upcoming next steps, we will be releasing:
1. A suitable mechanism that will allow users to check whether their wallet has been affected by early next week
2. A secure process that will allow users to safely move assets out of the platform thereafter.
Our commitment remains unchanged: protecting users and ensuring assets are returned securely.
Important Security Reminder:
At this stage, NO recovery actions requiring user participation have begun.
Until official instructions are provided, wallets should remain untouched and users should continue to rely only on updates shared through official SecondFi channels.
SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances.
Should you have any questions, please submit a ticket only through our official support channel at: support.secondfi.io
We remain fully committed to completing this process safely and responsibly, and thank you for your continued support.
@IOHK_Charles@Quantumplation@SebastienGllmt I have always defended you and Cardano to others but now they are blaming me for how this happened after the wallet rebrand. Please prove everyone wrong about the Cardano team. Please please please. I have been feeling really bad for the past few days after losing my assets. 😢
I've begun experimenting how to develop a recovery smart contract that can vend out from a pool of Ada and CNTs using a zero knowledge proof of possessing the 24 keywords that generate a wallet. I'll sync with @Quantumplation@SebastienGllmt and the Midnight team on what is discovered.