Charles Hoskinson: SecondFi Incident Puts Cardano Wallet Standards Under Scrutiny
The reported SecondFi wallet incident has placed new focus on independent audits, user protection, AI-era security risks and the need for formal wallet certification across the Cardano ecosystem.
By SongMarketCap
SecondFi Estimates Impact At Approximately 16 Million ADA
The reported SecondFi security incident has become one of the most serious wallet-related issues to hit the Cardano ecosystem in 2026, placing renewed attention on how user-facing infrastructure is audited, secured and restored after a breach.
In a public response on June 23, Charles Hoskinson addressed the incident after SecondFi published an update confirming that it had isolated the root cause and determined the initial scope of impact. According to the update referenced in the response, the issue was confined to SecondFi’s native Cardano web wallet generation software.
SecondFi placed its current estimate of the total impact at approximately 16 million ADA. The company also confirmed that its platform remained in secure maintenance mode and that a full snapshot of balances had been taken as part of its operational response.
The incident appears to have resulted in the loss of user funds, while the final scope remains subject to independent technical review. SecondFi also indicated that it was working with a leading blockchain security firm to validate its findings.
Separate, unverified community claims have circulated suggesting a much higher potential exposure, including figures near 130 million ADA. Those claims have not been confirmed in the update discussed by Hoskinson. The confirmed estimate referenced in the response remains approximately 16 million ADA.
Independent Review Becomes The Next Test For SecondFi
The immediate priority is now containment, transparency and verified remediation. Hoskinson described the first phase as triage, focused on stopping further damage and identifying the precise blast radius. Once that phase is complete, the next step is a full explanation of what happened, why it happened, what failed and how the affected users will be treated.
Input Output has requested an independent audit and broader security reviews. The expectation is not only that the root cause is identified, but that external parties validate the findings and confirm whether the proposed fixes have been properly implemented.
That distinction is important because the incident affects user trust beyond the technical failure itself. A wallet breach requires more than a maintenance notice. It requires a clear public record, independent findings and a credible remediation path.
Hoskinson also separated the role of Input Output (IOG) from the responsibilities of EMURGO and SecondFi. SecondFi is not an Input Output product. IOG did not write the code, does not operate the wallet and does not control EMURGO’s response. However, IOG’s incident response and technical teams can provide support with forensics, security review and technical guidance if requested.
Responsibility for any user remedy remains with EMURGO and SecondFi. The broader Cardano ecosystem, however, now faces a wider infrastructure question: whether wallet security standards are strong enough for products that hold and manage user funds at scale.
Cardano Wallet Certification Moves Into Focus
The incident has strengthened the case for a formal Cardano wallet certification framework. Wallets are critical infrastructure. They manage user keys, signing flows and access to decentralized applications. A failure at that layer can damage confidence even when the Cardano protocol itself is not compromised.
A certification program could introduce clearer standards for code review, security architecture, developer controls, attack prevention, incident response and recurring third-party audits. For an ecosystem moving deeper into DeFi, governance, identity, payments and real-world use cases, wallet security is no longer only a product-level concern. It is an ecosystem-level trust issue.
The security environment is also changing because of artificial intelligence. Advanced AI tools can accelerate vulnerability discovery, assist attackers in identifying unusual exploit paths and increase the risk of insider threats. Hoskinson referenced broader industry concerns around malicious actors attempting to enter crypto companies and wallet teams from the inside.
That risk changes the standard expected from wallet providers. Security can no longer rely only on whether software appears to work under normal conditions. Wallet teams may need stronger hiring controls, deeper internal reviews, independent audits and recovery models that are tested before incidents occur.
The discussion also opened the door to insurance-style protection for crypto users. Traditional finance includes mechanisms that can absorb certain losses after failures or disasters. Crypto users are often left exposed under a buyer-beware model. Future wallet infrastructure may need collective protection models or insurance products to reduce downside risk when breaches happen.
Hoskinson also linked future improvements to advanced cryptography, including Midnight Passport, zero-knowledge proofs and delegated authority through agents. These technologies could support safer identity, authorization and transaction models across future wallet systems.
Input Output is also reviewing its own products and infrastructure, including Lace, despite no known issue being identified. That review reflects the wider lesson from the SecondFi incident: in an AI-driven threat environment, wallet security requires continuous verification, not occasional confidence.
The SecondFi incident has therefore become more than a company-specific wallet breach. It has placed Cardano’s wallet standards, audit expectations and user protection models under direct scrutiny at a time when secure infrastructure is becoming central to the ecosystem’s next phase.