Woofun AI reports that SecondFi has established a recovery protocol for the Cardano wallet exploit, targeting asset returns within two weeks after rigorous testing and security audits. CEO Phillip Pon confirmed that forensic investigations are complete and a specific pathway for restitution is now defined. The immediate schedule involves one week dedicated to solution construction, followed by a second week of validation before funds are released to affected parties.

The security breach compromised approximately 16 million ADA, valued at roughly $2.4 million at the time of the incident, across 374 distinct addresses. Investigation traced the vulnerability to an address-level defect in the Cardano web wallet generation software which inadvertently exposed user private keys. In response, emergency protocols secured roughly 129 million ADA, transferring these assets to an independent third-party custodian to remain frozen until verification concludes.

Woofun AI data shows that no recovery actions requiring user participation have commenced, and the company explicitly states it will never request private keys, seed phrases, or direct wallet access. SecondFi has issued urgent warnings regarding malicious actors circulating fraudulent messages impersonating the wallet to trick users into migrating assets outside official guidance. Independent actions by users could complicate the secure return process, so all inquiries must be directed through the official support portal via ticket submission.

A comprehensive post-mortem detailing the specific technical vulnerability has not yet been published to the public.