SecondFi post-mortem: signing flaw leaked private keys as $18.5M custody standoff continues
Rekt's post-mortem shows SecondFi's Android 10.0.3 Ed25519 signer derived nonces from public data, so one signature exposed a key; attackers drained 16 million ADA ($2.4 million) from 374 wallets, while 129 million ADA sits with an undisclosed custodian.
DeFi Intel is an entity-graph aggregator: we curate, tag and link crypto news to a typed knowledge graph of protocols, tokens, people and incidents. We do not republish the full article body. Use the link above to read the original report at Rekt.
Want the full article?
Continue reading on Rekt →