The mystery surrounding who drained $18.5 million from Cardano wallets is getting stranger. Cardano founder Charles Hoskinson said during a live talk called “The Bingo Hall” that he heard from an intermediary named Jer about a meeting between Intersect, a Cardano governance firm, and Emurgo, the developers behind SecondFi.
Hoskinson claimed that, based on Jer’s account, a member of the Emurgo team said they do not know the identity of the white hat hacker. He added that Emurgo said the hacker is not affiliated with their organization. Hoskinson noted this is a secondhand recollection, but he did seem to trust the summary. He also said he does not care who the hacker is, only that the funds are returned to affected users.
User speculation grows
Before this, many on X had already wondered if Emurgo knew more than they let on. Some now want a police investigation into the firm. Others hope it is just a case of miscommunication. Hoskinson himself said, “For everyone’s sake I hope this is nothing more than miscommunication.” He called for Emurgo to address the statement quickly.
SecondFi explains its emergency measures
SecondFi is one of the biggest wallet generators on Cardano. Earlier this week, 16 million ADA, worth about $2.4 million, was stolen. Another 129 million ADA, worth about $18.5 million, was also taken. But SecondFi says that second move was an emergency measure to protect funds.
According to a statement from SecondFi, rescue measures were triggered to secure the 129 million ADA. The funds have been routed to an independent third-party custodian. They hired an external accounting firm to verify that the money is safe and accounted for.
Intersect wants transparency
Intersect responded by demanding a full, transparent account of the exploit. They want to know how it happened, what emergency steps were taken, and how user assets will be returned. This includes Cardano native tokens and NFTs, not just ADA. Intersect was careful to note that the Cardano blockchain itself is not broken. But they acknowledged that the exploit could affect the flow of ADA across the ecosystem.
Recovery timeline still uncertain
SecondFi said it took a final balance snapshot on Friday and estimates it can return assets to users within two weeks. But they added a caveat: they are still working on a solution and need to test and review everything first. They advised users not to move to new wallets, warning that independent actions could complicate the claims process.
Protos has reached out to Emurgo for comment but has not yet received a response. The situation remains fluid, and it is unclear if the white hat hacker will ever be identified.
