Skip to content

[examples] SecondFi Cardano predictable key-generation drain (T11.004)#1

Merged
iZonex merged 2 commits into
mainfrom
examples/secondfi-cardano-t11004-key-gen-drain
Jul 3, 2026
Merged

[examples] SecondFi Cardano predictable key-generation drain (T11.004)#1
iZonex merged 2 commits into
mainfrom
examples/secondfi-cardano-t11004-key-gen-drain

Conversation

@iZonex

@iZonex iZonex commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

What

Adds a worked example for the SecondFi Cardano (ADA) wallet drain disclosed 2026-06-23, mapped to OAK-T11.004 (Insufficient-Entropy Key Generation).

  • New: examples/2026-06-secondfi-cardano-web-wallet-predictable-key-generation-drain.md
  • Backlink in techniques/T11.004-insufficient-entropy-key-generation.md
  • Regenerated STATS.md, BACKLOG.md, index.html count (646 → 647)

Why this is a clean T11.004 anchor

Multiple outlets and SlowMist confirm the root cause: SecondFi's native Cardano web-wallet key-generation software produced private keys with predictable randomness, so the entire generated cohort is derivable — including wallets not yet drained. This is OAK's first non-EVM / wallet-provider-software anchor for the class (existing anchors are EVM/Profanity), and it re-exercises both load-bearing T11.004 properties: cohort-computable exposure and the half-life-of-known-vulnerability tail.

  • Confirmed: 16M ADA ($2.4M) across ~178 wallets (374 addresses per SecondFi).
  • Exposure: up to 129M ADA ($20M) per SlowMist.

Developing / partially disputed — handled per OAK neutral framing

The ~129M ADA "rescue to a third-party custodian" SecondFi describes is disputed: SlowMist and community trackers link the large flows to attacker-tagged addresses (addr1q8g8c…7vuz99), and on-chain a cohort-wide sweep of derivable keys by an attacker is indistinguishable from a custodial rescue of the same wallets.

  • Mechanism = confirmed; disposition = contested metadata; attribution = pseudonymous.
  • Entry is explicitly marked developing / partially-disputed with a re-map path: add T5.007 / T11.010 as co-primary disposition if forensics confirm the flow is operator-controlled.
  • The entry does not amplify SecondFi's "do nothing / don't restore your seed / submit a claim" guidance — for a weak-entropy cohort, immediate rotation to a cleanly generated key is the only protective action, and inaction is the failure mode. The literal "restoring the same phrase doesn't help" is true; "leave funds in place and wait" is not.

Validation

All gates pass: check_linkage OK · check_backlinks 0 hard / 0 warn · check_integrity clean · markdownlint 0 errors · verify_citations clean. Exports (oak.json / oak-stix.json) and SPECS.md unchanged (examples aren't part of those artifacts). Citations are inline-only (no new bibtex entries).

🤖 Generated with Claude Code

iZonex and others added 2 commits June 24, 2026 15:49
… -> 647)

SecondFi (Cardano web wallet) disclosed 2026-06-23 that its native
web-wallet key-generation software produced private keys with predictable
randomness, so the full generated cohort is derivable, including wallets
not yet drained. Confirmed ~16M ADA (~$2.4M) stolen across ~178 wallets
(374 addresses per SecondFi); SlowMist puts total exposure up to ~129M ADA
(~$20M at ~$0.15/ADA). Maps to T11.004 (Insufficient-Entropy Key
Generation) -- OAK's first non-EVM / wallet-provider-software anchor for
the class (existing anchors are EVM/Profanity).

The ~129M ADA "rescue to a third-party custodian" SecondFi describes is
disputed: SlowMist and community trackers link the large flows to
attacker-tagged addresses, and an attacker sweeping every derivable key is
on-chain indistinguishable from a custodial rescue of the same wallets.
Documented per OAK neutral framing -- mechanism confirmed, disposition
recorded as contested metadata; attribution pseudonymous. Entry marked
developing / partially-disputed with an explicit re-map path (add T5.007 /
T11.010 if the flow is confirmed operator-controlled).

Does not amplify the "do nothing / don't restore your seed / submit a
claim" guidance: for a weak-entropy cohort, immediate rotation to a cleanly
generated key is the only protective action a holder can take unilaterally;
inaction is the failure mode (T11.004 half-life-of-known-vulnerability tail).

Backlink: T11.004. Regenerated STATS/BACKLOG + index.html count
(646 -> 647; bibtex steady 1555 / inline-only; pseudonymous 305 -> 306;
T11 144 -> 145). Exports (oak.json/oak-stix.json) and SPECS.md unchanged --
examples are not part of those artifacts.

All gates pass: check_linkage OK, check_backlinks 0 hard / 0 warn,
check_integrity clean, markdownlint 0 errors, verify_citations clean.

Signed-off-by: Dmytro Chystiakov <dlchistyakov@gmail.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pulls the new late-June 2026 attacks into the PR alongside SecondFi. Five
worked examples covering six incidents, all dated 2026-06:

- Secret Network / Axelar (~$4.67M): a forked CW20-ICS20 bridge contract
  with source-channel + escrow checks commented out accepted forged IBC
  packets over an attacker-opened permissionless channel, minting unbacked
  sa* tokens redeemed over the real Axelar route. T10.002 (message-
  verification bypass) + T11.013 (legacy carry: flaw from the 2023 deploy
  survived a 2026-03 migration). Encrypted balances masked the loss ~7 days;
  sibling detection case to Namada 2026-06.
- jaredfromsubway.eth MEV bot (~$7.5M): counter-MEV honeypot; ~66 counterfeit
  WETH/USDC/USDT contracts (T6.006) baited the bot's routing logic into
  leaving standing allowances that a coordinator swept via transferFrom in one
  tx. T4.004. Inverts the 2023 jaredfromsubway.eth attacker entries.
- Polymarket (~$3.0-3.1M, ~11 wallets): compromised third-party frontend
  vendor injected wallet-draining JS into the live official site, soliciting
  fraudulent approvals; backend/contracts intact. T15.002 + T4.002. Distinct
  from the 2026-01 Polymarket trader-tooling npm campaign (T11.009).
- Gitcoin + Yield Yak "Eleven drainer" cohort (losses undisclosed): the same
  drainer kit injected into legitimate project subdomains (files.gitcoin.co,
  vote.yieldyak.com) three days apart. T6.008 + T4.004; access vector
  undisclosed (candidate T15.004). Detection-stage entry.
- mySwap CL, Starknet (~$305K, developing): a fake "EVIL" token abused a
  shared concentrated-liquidity vault's accounting to drain residual LP.
  Preliminary T9.004; exact line-level bug undisclosed, candidate flagged.

Neutral framing throughout: mechanism + prevention; attacker identity and
fund disposition recorded as neutral metadata. Backlinks added to the primary
technique of each. Regenerated STATS/BACKLOG + index.html count (647 -> 652;
2026-06 15 -> 20; pseudonymous 306 -> 308, unattributed 149 -> 152). Exports
and SPECS unchanged (examples are not part of those artifacts).

Deferred to backlog pending root-cause disclosure: Haedal Vault (~$915K, Sui;
mechanism single-origin) and Hinkal (~$820K, 2026-07-03; root cause
unconfirmed between proof-bypass and key-compromise).

All gates pass: check_linkage OK, check_backlinks 0 hard / 0 warn,
check_integrity clean, markdownlint 0 errors, verify_citations clean,
detect_ai_tells 0 violations over threshold.

Signed-off-by: Dmytro Chystiakov <dlchistyakov@gmail.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@iZonex iZonex merged commit 1a1482d into main Jul 3, 2026
6 of 7 checks passed
@iZonex iZonex deleted the examples/secondfi-cardano-t11004-key-gen-drain branch July 3, 2026 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant