In June 2026, SecondFi users were the victims of a hack. The official loss figure was originally $2.4 million, but other estimates are as high as $20 million. The attackers took advantage of issues with nonce derivation within the wallet’s digital signature code.
Inside the Attack
The root cause of the SecondFi hack was issues in how SecondFi’s wallet handled nonce derivation. In the ECDSA/EdDSA signature schemes, a key part of the process is nonce derivation, which involves creating a unique, random value that is only used for a single digital signature.
The issue with SecondFi’s wallet was that the nonce derivation code was deterministic, not random. By making the nonce somewhat predictable, the software leaked sensitive cryptographic information. As a result, each signature that a user created and posted to the network provided hints about their private key. With sufficient digital signatures, an attacker could collect enough pieces to mathematically reconstruct the user’s private key and digitally sign transactions on their behalf.
The scope of the SecondFi hack is disputed, ranging from 374 wallets with about $2.4 million lost to an estimated $20 million stolen. This second number originates from analysis of suspected attacker-controlled blockchain wallets.
After the incident was discovered, SecondFi rescued and rerouted an estimated 129 million ADA tokens to a third-party custodian for safe-keeping. The team also warned users not to try to restore their accounts using seed phrases in another wallet since these phrases were derived from root private keys that were exposed due to the cryptographic error in SecondFi’s wallet generation code.
Lessons Learned from the Attack
The SecondFi hack was made possible by a common issue with custom cryptographic implementations. Cryptographic algorithms have strict security requirements which, if violated, undermine the security of the entire protocol. When a cryptographic algorithm requires a nonce, the value must be random and single-use; otherwise, there’s the risk that an attacker might be able to retrieve a private key or decrypt encrypted messages.
This type of error can be identified as part of a pre-release code security audit. A comprehensive review by auditors with knowledge of cryptographic protocols and security best practices can help to identify these and other common implementation errors before code is deployed.
Halborn offers security advisory and smart contract auditing services designed to enhance security throughout the software development lifecycle (SDLC). To learn more, get in touch with Halborn.
