Security Breach Forces Ctrl Wallet to Wind Down Operations With Full Disablement Set for Aug. 3

Security Breach Forces Ctrl Wallet to Wind Down Operations With Full Disablement Set for Aug. 3
Table of Contents

TL;DR:

  • Ctrl Wallet announced the permanent shutdown of its services on August 3, 2026, weeks after a security exploit that occurred on June 23.
  • The incident affected Cardano wallets integrated into the platform and resulted in losses of approximately 16 million ADA, valued at around $2.4 million.
  • Users must export their recovery phrase before August 3; after that, they will only be able to import it into another compatible wallet.

Ctrl Wallet, a non-custodial multi-chain wallet with more than 650,000 monthly users, announced it will permanently shut down its services on August 3, 2026. The decision came weeks after a security exploit detected on June 23 compromised several Cardano wallets hosted on the platform and put user funds at risk.

According to a company blog post, as of that date all operational functions of the application will be disabled: sending, receiving, swaps, and any other action within the system. The only exception will be the export of recovery phrases. In addition, the app will be removed from app stores and browser extensions, and downloads will be suspended immediately.

The company urged its users to transfer their assets before August 3 to another compatible exchange or wallet. Those who fail to do so before the deadline will only be able to import their 12- or 24-word recovery phrase into wallets such as MetaMask, Trust Wallet, or Phantom. The company also clarified that there will be no migration token or airdrop event, and warned about false posts circulating on social media that promise such incentives.

The Exploit Started at SecondFi and Ctrl Wallet Did Not Survive

The origin of the collapse can be traced back to the wallet’s own institutional transition. On April 29, Ctrl Wallet —formerly known as XDEFI Wallet— had announced its incorporation under the umbrella of Emurgo, the commercial arm of Cardano, with the intention of integrating its multi-chain architecture within SecondFi, a self-custodial platform built on Cardano that had changed its name from Yoroi in April 2026.

Exploit Ctrl Wallet Cardano

On June 24, one day after Ctrl Wallet’s initial report, a vulnerability in SecondFi allowed attackers to drain user funds. Losses were estimated at around 16 million ADA, equivalent to approximately $2.4 million at the time. Days later, SecondFi announced a recovery plan for the 374 affected users. The platform also reported having secured approximately 129 million ADA through emergency measures, with those funds transferred to an independent custodian while the verification and restitution process moves forward.

Ctrl Wallet had between 11 and 50 employees and support for more than 2,500 blockchain networks, including Cardano and Midnight. Its closure is one of the most abrupt in the crypto ecosystem so far in 2026.

RELATED POSTS

Ads

Follow us on Social Networks

Crypto Tutorials

Crypto Reviews