Cardano SecondFi wallet has identified a recovery path for users affected by Tuesday’s exploit and expects to begin returning assets in approximately two weeks, following testing and security reviews.

According to Saturday statement by Phillip Pon, CEO of SecondFi developer Emurgo, the company has completed forensic investigations and established a recovery path for affected users. Pon said the coming week will be spent building the solution, followed by another week of testing before resources begin to be returned.

Pon urged users to refrain from migrating assets or taking actions outside official guidelines, saying the recovery process was designed based on existing wallet balances and that independent actions could complicate the protected return of funds.

SecondFi developer Emurgo has shared an update on its wallet recovery efforts. source: Emurgo

SecondFi disclosed a security breach on Tuesday that affected approximately $16 million of ADA, worth about $2.4 million at the time, across 374 addresses. SecondFi previously said it linked the incident to an address-level issue in Cardano’s online wallet generation software that exposed users’ private keys.

Related: The second quarter of 2026 is the quarter most frequently attacked by hackers in history, with 83 incidents recorded

The company also said it secured approximately 129 million ADA through emergency measures and transferred the funds to an independent third-party escrow entity, where they will remain until the verification and recovery process is completed.

SecondFi has not yet published a comprehensive postmortem detailing the vulnerability or how the exploit was carried out.

SecondFi warns against data recovery scams

In a separate update on SecondFi Saturday warned that malicious actors are spreading counterfeit messages impersonating the wallet while recovery efforts are ongoing.

The company stated that no remediation actions requiring user participation have been initiated and that it will never ask users for private keys, seed phrases, wallet credentials, or direct wallet access.

SecondFi said any messages instructing users to submit wallet information, migrate assets or take immediate action outside of verified communication channels should be treated as fraudulent.

He added that users needing assistance should submit a ticket through the official support portal while the recovery process continues.

Warehouse: Artificial intelligence is serving unbanked people in Africa… faster than cryptocurrencies

Cointelegraph is committed to independent and crystal clear journalism. This news article has been produced in accordance with Cointelegraph’s Editorial Policy and is intended to provide exact and up-to-date information. Readers are encouraged to verify the information themselves.