New Delhi, June 28 -- attackers had reconstructed their private keys from information that was already public.

SecondFi, the self-custody neofinance platform built by EMURGO, one of the three founding entities of the Cardano blockchain, confirmed this week that a flaw in its wallet generation software had exposed users to exactly that kind of attack. A deterministic nonce derivation error in the platform's software signer meant that every transaction ever signed by an affected address broadcast enough mathematical information for an attacker to work backward and reconstruct the private key. The wallet did not need to be broken into. It only needed to have been used.

Sixteen million ADA, worth approximately $2.4 million at the time of th...