SecondFi, the Cardano wallet formerly known as Yoroi, says it has patched a major exploit that drained roughly 16 million ADA, worth approximately $2.4 million, from 374 user wallets across three separate attacks. The root cause was a flaw in SecondFi's proprietary wallet generation software. The vulnerability sits at the address level, meaning simply moving a seed phrase to another wallet offers no protection. "The security risk occurs when an affected user signs a transaction," the team said on X.