EMURGO, one of Cardano’s founding entities, is stepping down from its duties as a member of the Cardano Pentad after the SecondFi wallet exploit.
In an X post on Wednesday, the company said it would focus its resources on recovering user assets after the breach.
The move comes after the SecondFi exploit drained about 16 million ADA, worth around $2.4 million at the time, from 374 wallets. EMURGO developed SecondFi, the Yoroi-rebranded self-custody wallet launched earlier this year.
EMURGO steps away from Pentad role
EMURGO said it had formally notified the other Pentad entities that it would step down from its duties. The company said its main focus is now the SecondFi recovery process, with resources directed toward users and the wider Cardano ecosystem.
“Our immediate priority is the SecondFi recovery process, and we are concentrating our resources where they are needed most,” said EMURGO in its statement.
It added that stepping aside reflects the accountability it holds as a founding entity of Cardano.
The Pentad was introduced in January as a Cardano coordination group. It includes Input Output, EMURGO, the Cardano Foundation, Intersect and the Midnight Foundation. An Essential Cardano development report described the group as a treasury-supported process focused on network-wide infrastructure needs.
The Pentad was designed to support unified decision-making while keeping ecosystem representation. EMURGO’s exit removes one founding entity from that structure at a time when governance funding and accountability are under close community review.
SecondFi recovery becomes the main focus
The decision follows a series of updates from SecondFi and EMURGO after the wallet incident. SecondFi said multiple independent firms are reviewing the event and the code behind the wallet. It also said a patch had been submitted to close the identified vulnerability.
SecondFi said its short-term work is focused on asset safeguarding, a recovery fund, wallet status checks and safe migration routes. The team is also preparing tools that allow users to check whether their wallet appears in early incident data.
The company has also changed its operating plan. SecondFi said, “SecondFi will not resume normal operations,” even after audits are complete. It asked users to migrate away from the wallet using official methods.
The next steps include a quarantined site for wallet checks and migration guidance. SecondFi also plans to launch secure wallet export functionality to help users move to a hardware wallet or another platform. An in-person migration workshop in Tokyo is also planned.
Exploit exposed wallet software flaw
SecondFi said the issue was tied to its native Cardano web wallet generation software. In earlier updates, the team said the root cause was at the address level and warned affected users not to restore their recovery phrase into another Cardano wallet.
According to SecondFi, the affected software signer used a deterministic nonce derivation flaw. Each time an affected address signed a transaction, it leaked enough information for an attacker to reconstruct the private key from public blockchain data.
The June update said 374 wallet addresses were affected across three attack events, leading to about 16 million ADA in compromised funds. SecondFi also said emergency measures helped secure about 129 million ADA during the containment process.
The team said assets recovered through emergency measures are being held while the recovery process continues. It also said a restoration fund has been established to support the return of assets to affected users.
Cardano community weighs accountability
The governance exit drew criticism from some users in replies to EMURGO’s post. Some questioned EMURGO’s handling of the exploit and whether it should retain any funding tied to Pentad-related programs.
It remains unclear whether EMURGO directly received funds from the 70 million ADA Critical Integrations Budget approved in January.
As previously reported, the SecondFi breach was one of several pressures facing Cardano, ADA and the broader ecosystem. The earlier coverage also pointed to weak ADA price action and growing concern among Cardano users.
Meanwhile, Cardano (ADA) traded at around $0.17 at press time, indicating a 5 percent decline in the past 24 hours and a drop of more than 70 percent year to date, according to market data.
SecondFi has also warned users about scammers using the incident to send fake recovery messages. The project said it will never ask for private keys, seed phrases, wallet credentials or direct wallet access. It told users to follow only official channels and support portals.
EMURGO’s role in SecondFi appears limited to recovery work. The company says it plans to publish a fuller account of who was involved and why after incident reports and code reviews are finished. Until then, the main focus remains user verification, safe migration and the return of affected assets.




