
Jacsam
1.2K posts

Jacsam
@j3j30104
I love you guys.Let's be together








I stayed in Cardano for 9 years. All my properties, Ada (998k), were stolen a day ago. Unbeknownst to me, the transaction was approved and Ada disappeared. Made by the founding organization Emergo, I only used this @secondfiapp wallet on my mobile (iPhone).

Also, I want to be clear on something. There is still a possibility that this could be a white hat intervention or some form of preventative action taken as a last resort. That would help explain some of the behaviour we are seeing, including the initial funding being linked directly to Binance, and the funds still sitting in a consolidation wallet without movement. At this stage, I do not think we can rule that out. Which may bring some positivity to some. More will become clear soon. Funds remain in this wallet as of now.

As per our previous post: x.com/secondfiapp/st… We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon. ----- Regarding affected wallets, 4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of ~16m ADA across 374 addresses. To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses. An external accounting firm has been engaged for a special audit to independently verify those holdings. We are working to facilitate the verification process so users can claim back their assets safely. Affected users should submit their claim at support.secondfi.io We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible. As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. Further explanation to follow.


To provide more clarity, we have identified the nature of the incident, it is at the address level. The security risk affects wallet users when a transaction is signed. Therefore recovery to another platform or wallet does not mitigate the risk. 🚨 DO NOT restore your recovery phrase into a new Cardano wallet. We have isolated the affected wallets and will post mitigation steps shortly.


The road to Cardano 2030 runs straight through Leios, and the testnet goes live this week. @lilybrodi and @cwpaulm interview @carloslodelar, who breaks down how this scaling breakthrough unlocks massive throughput and locks in the network's long-term sustainability.




Trace activity actively watching address: addr1qxd39k4peszxlf0x59e88hngpe5u9882y2lyhdzazsq4kfvmztd2rnqyd7j7dgtjw00xsrnfc2ww5g47fw6969qptvjshwxpl3 Holding 129.43 million ADA of stolen funds due to the attack, we will keep the heat on any movement of these assets, there is a community effort to inform CEX's including Binance. Again, I urge the attacker to refund the balance. @emurgo_io I suggest a public wallet where these funds can be refunded. cexplorer.io/address/addr1q…


🚨 An Important Security Update from the SecondFi Team We identified a security issue impacting a small number of Cardano wallets on our platform. We have contained the issue and paused the affected functions. Our engineering teams are actively working to restore full functionality to the platform. To protect our users, SecondFi has been temporarily placed into maintenance mode. All front-end interactions are paused.








How much has your DRep spent against this year's Net Change Limit? I built governance.cardano-visualisation.com to answer that question, but over a few evenings of coding it's quietly grown into a small Cardano governance-analytics platform. Still rough, plenty more things to change, but the core idea matters to me. Every YES on a treasury-withdrawal proposal is real ADA leaving the treasury. It's easy to lose sight of that one vote at a time. This site puts every DRep's YTD spend up against the Constitutional NCL so it's all visible in one place. Connect your wallet and you'll be taken straight to your DRep. Feedback and ideas welcome, there's a lot more I want to add, hope you like it.
