
On July 2, SecondFi, the Emurgo-backed Cardano self-custody and neofinance platform formerly known as Yoroi Wallet, released a detailed Hardware Wallet Migration Guide following the revelation of a wallet generation software vulnerability that was exploited in late June.
Hardware Wallet Migration Guide
We have published a step-by-step guide to help users securely move their assets to a new hardware wallet, the most secure option for self-custody.
Before you start, keep these in mind:
– If you already use a hardware wallet, no action is…— SecondFi (@secondfiapp) July 2, 2026
What is Inside the Hardware Wallet Migration Guide?
The official guide is created to help users securely move their assets to hardware devices such as Ledger, Trezor, Keystone, or Tangem, which are recommended as the most secure self-custody options, while still preserving access for the ongoing asset recovery process.
The external cyber attacks have drained approximately 16 million ADA, worth about $2.4 million, from 374 addresses. After this cyber attack, SecondFi shifted from its initial advice to stay put to supporting proactive migration for non-affected or concerned users. Hardware wallets were unaffected because private keys stay offline.
SecondFi is working with the Intersect Security Council and auditors, has released the guide alongside a recovery checker tool, and is making progress toward an on-chain claims portal.
This approach balances user safety with coordinated recovery, preventing premature actions that could lead to compliance claims or expose funds. EMURGO funded a recovery wallet, and white-hat secured assets are being returned. The ongoing efforts with the launch of the new guide are expected to rebuild trust after the incident, which has highlighted the risks of software wallets despite Cardano’s secure base layer.
There are major points mentioned regarding hardware wallet migration on the wallet.
- In the guide, the company asked users not to delete the SecondFi application. The application of the seed phrase is needed in order to claim if affected.
- The company has asked users to keep the existing seed phrase safe offline, such as on paper backups.
- SecondFi has advised users to stop using the old wallet, such as no sends, receivers, signs, and stakes.
- There is no action required from hardware users.
SecondFi Shares Pre-Migration Checklist
In order to ensure the smooth migration process, SecondFi has shared some major points to take into consideration before the migration process.
The guide shared detailed instructions around the verification process. First of all, users will require the old recovery phrase. Apart from this, users are required to download a new companion application from the manufacturer’s site and perform a small test for a fee.
“You must have your current wallet’s recovery phrase or private key. This is typically 12, 15, or 24 words. You should have written this down when you first created the wallet. Do not take a screenshot; keep it on paper in a secure location. Make sure that only you can see it during the recovery process. You must also have a minimal balance to cover the transfer fees,” the guide states.
The guide stated, “You will need a new hardware wallet device and its official companion application installed and ready. Download the companion app only from the official sources provided by the hardware wallet manufacturer. Visit the official websites directly and do not accept links shared with you. You will also need a secure internet connection.”
Step 1: Create a New Hardware Wallet
In the first step, users are required to create a new wallet on the device. The hardware will generate a new recovery phrase offline. Users need to store this seed phrase in a secure manner.
Step 2: Transfer Funds
If required, users will have to restore old wallet access. Also, to ensure the safety of funds, they can execute a small transaction first on the new wallet address.
Step 3: Post-Migration Verification
After creating a new wallet on a hardware wallet, verify the tx hash on the explorer and document the details.
The guide is important for the security of SecondFi users. After the cyber attack, SecondFi has suspended services and patched the unaffected wallets. Amid growing security incidents on blockchain-based platforms, the total value locked on cross-chain bridges faced a major drop.



