EMURGO, a co-founding organisation of the Cardano blockchain, said it has found a recovery method that could return assets lost in the SecondFi wallet hack within about two weeks.
The Block reported on June 27 that EMURGO CEO Phillip Pon said on social media platform X that the company had completed a forensic review, verified wallet balances and found a "clear recovery solution".
EMURGO plans to spend 1 week building the recovery mechanism and 1 week testing it. Pon urged affected users to refrain from any action other than following official guidance, and stressed that SecondFi never asks for private keys, seed phrases or wallet access.
SecondFi saw four asset outflows between June 21 and 23. In three of the incidents, external attackers stole about 16 million ADA, worth about $2.4 million at the time, from 374 wallet addresses.
The fourth was not an attack but a move by SecondFi. It urgently transferred about 129 million ADA to an external custody provider to prevent further losses.
SecondFi said users' private keys were exposed due to an address-level flaw in its wallet creation software.
Tibane Labs provided a more detailed analysis. It said the cause of the hack was an Ed25519 signature bug: a secret value that must be newly generated for each signature was missing from the wallet signing process. It said this allowed private keys to be reconstructed from a single signature.
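The following audit check is an added example, not code from EMURGO, SecondFi or Tibane Labs. It assumes a missing per-signature secret would surface as an Ed25519 `R` value (the first 32 bytes of the signature) that is either the neutral-point encoding or repeated across different messages; the report gives no such detail, and the sample records are constructed placeholders, not real signatures.

```python
from collections import defaultdict
from hashlib import sha256

# R = r*B, so a per-signature secret r of 0 yields the neutral point (x=0, y=1),
# which encodes as 0x01 followed by 31 zero bytes.
IDENTITY_R = bytes([1]) + bytes(31)

def audit_signatures(records):
    """records: iterable of (wallet_id, message_bytes, signature_bytes).
    Returns a list of (wallet_id, finding, R_hex_or_length)."""
    findings = []
    seen = defaultdict(dict)  # wallet_id -> {R bytes: first message signed with it}
    for wallet, msg, sig in records:
        if len(sig) != 64:  # Ed25519 signatures are R (32 bytes) || S (32 bytes)
            findings.append((wallet, "malformed", len(sig)))
            continue
        r_bytes = sig[:32]
        if r_bytes == IDENTITY_R:
            findings.append((wallet, "identity_R", r_bytes.hex()))
        # Standard Ed25519 derives r deterministically from key and message, so the
        # same message re-signed gives the same R. Only a different message counts.
        first_msg = seen[wallet].setdefault(r_bytes, msg)
        if first_msg != msg:
            findings.append((wallet, "reused_R", r_bytes.hex()))
    return findings

def fake_sig(r_seed, s_seed):
    """Constructed 64-byte placeholder with the layout of a signature."""
    return sha256(r_seed).digest() + sha256(s_seed).digest()

# Constructed sample input (hypothetical wallet ids and messages).
SAMPLE = [
    ("wallet-A", b"tx1", fake_sig(b"r1", b"s1")),
    ("wallet-A", b"tx2", fake_sig(b"r2", b"s2")),  # fresh R: healthy
    ("wallet-A", b"tx1", fake_sig(b"r1", b"s1")),  # same message re-signed: healthy
    ("wallet-B", b"tx3", fake_sig(b"r9", b"s3")),
    ("wallet-B", b"tx4", fake_sig(b"r9", b"s4")),  # same R, different message
    ("wallet-C", b"tx5", IDENTITY_R + sha256(b"s5").digest()),
]

if __name__ == "__main__":
    for finding in audit_signatures(SAMPLE):
        print(finding)
```

A check like this belongs in pre-release testing of any custom signer, alongside known-answer tests against a reviewed Ed25519 implementation.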
Tibane Labs called the incident a governance failure rather than a simple coding error. It said a Cardano co-founding organisation deployed unaudited code to production without independent review. Security researcher Taylor Monahan also said SecondFi "built its own cryptographic code, kept the source code private and did not have it audited."