Hi, this is Charles Hoskinson broadcasting live from warm, sunny Colorado. Always warm, always sunny, sometimes Colorado. Today is June 29th, 2026, and I'm coding again. How about that?
I've spent quite a bit of time over the weekend examining what capabilities Cardano has to recover and redeem funds from a vend contract. I was able to actually get a Groth16 verifier to work on Cardano preview, which has been a lot of fun. It turns out that we added a lot of juicy new features in the upcoming hard fork that allow you to verify BLS-oriented Groth16 proofs.
What that translates to is basically that if you just have 24 keywords, you can prove that you own wallets associated with the derivation paths and embed within that proof a destination address. You create something client-side, submit it to a smart contract, and it has embedded within it a place to send funds. Then all the funds encumbered at the contract can be sent over. So, you may see some very strange transactions on preview, and that's what I've been testing right now. It's been a lot of fun.
I'll give you guys a little sneak peek of the repo, which is private because it has some information inside that you can use to reproduce the attack. We're waiting for a clean bill of health there. But you can see there are about 306 commits that I've done, and it's been a lot of fun creating all this logic for an MPC ceremony and seeing what you can actually verify on-chain with Groth16 and a litany of other things.
For those of you who haven't been paying attention, basically what's been going on is that Second Fi got hacked. It's not entirely clear why that happened, but we do know roughly how some of it occurred. There was bad cryptographic code that was changed from the open-source Yoroi when they forked over to closed source code. That bad code introduced vulnerabilities that an attacker took advantage of. The blast radius and extent of those vulnerabilities—whether they are just on the signature side or if they extend all the way up to key derivation and what type of remote monitoring was inside that software—are still unknown.
From our side, what we've done working with Intersect is we made a recommendation that the independent security auditor should have some mechanism to take instruction from or, at the very least, answer questions from the security council of Intersect so that there's a degree of objectivity and impartiality. Everything I know about the attack, I've only been able to confirm from code I've personally disassembled and blockchain-based forensics, but I don't know what the blast radius is. Until an independent security auditor has a full end-to-end review of the repos and can identify which particular libraries were compromised and demonstrate step by step what's safe and what's not safe, it's not really possible to propose a recovery remedy.
The reason I'm doing this exercise with Groth16 is that I wanted to see if it was possible to do the worst-case scenario that's still recoverable, which is everything is compromised except for the keywords. If that's the case, then you need some form of ZK structure to prove ownership. If the master root is not compromised, then you can simply use a signature from it to prove ownership and do a redemption, which means you wouldn't need an on-chain zero-knowledge proof.
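The ownership proof with an embedded destination described above, and the signature-based alternative mentioned for the case where the master key is intact, share one structure: a statement that is bound to the redemption destination, so that an intercepted proof cannot be replayed to send the funds somewhere else. The Python below is an added illustration of that binding; it is not code from the video, from Input Output, or from any Cardano repository. It substitutes a Schnorr proof of knowledge over a small demo group for Groth16, a BIP39-style PBKDF2 stretch for Cardano's real derivation paths, and uses a constructed mnemonic, group and address values.

```python
"""Added illustration (not code from the video or any Cardano repository):
a Schnorr proof of knowledge of a key derived from a seed phrase, with the
redemption destination bound into the Fiat-Shamir challenge.  The group,
the mnemonic and the addresses are constructed for the demo; the key
derivation is BIP39-style PBKDF2, not Cardano's own derivation scheme."""
import hashlib
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for building a demo group."""
    if n < 2:
        return False
    for sp in [2] + SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 128):
    """Deterministically find a safe prime p = 2q + 1 and a generator g of the
    order-q subgroup.  128 bits is far too small for real use; it only keeps
    the demo fast and reproducible."""
    q = int.from_bytes(hashlib.sha256(b"constructed demo group").digest(), "big")
    q = (q % (1 << (bits - 1))) | (1 << (bits - 2)) | 1  # odd, bits-1 wide
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = pow(2, 2, p)  # a square lies in the quadratic residues, which have order q
    return p, q, g


def secret_from_mnemonic(mnemonic: str, q: int) -> int:
    """BIP39-style seed stretching (PBKDF2-HMAC-SHA512, salt 'mnemonic'),
    reduced into the exponent range.  Stand-in for a wallet's derivation path."""
    seed = hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), b"mnemonic", 2048)
    return int.from_bytes(seed, "big") % (q - 2) + 1


def challenge(p: int, g: int, y: int, t: int, destination: str, q: int) -> int:
    """Fiat-Shamir challenge.  Hashing the destination in is what ties the
    proof to one payout address."""
    h = hashlib.sha256()
    for part in (p, g, y, t):
        h.update(part.to_bytes((p.bit_length() + 7) // 8, "big"))
    h.update(destination.encode())
    return int.from_bytes(h.digest(), "big") % q


def prove_ownership(group, x: int, destination: str) -> dict:
    """Client-side: prove knowledge of x (y = g^x) for a chosen destination."""
    p, q, g = group
    y = pow(g, x, p)
    r = secrets.randbelow(q - 1) + 1      # fresh nonce per proof
    t = pow(g, r, p)
    c = challenge(p, g, y, t, destination, q)
    s = (r + c * x) % q
    return {"pubkey": y, "commitment": t, "response": s, "destination": destination}


def verify_ownership(group, proof: dict, registered_pubkey: int) -> bool:
    """Contract-side: accept only if the proof matches the registered key and
    the destination it was actually made for."""
    p, q, g = group
    y, t, s = proof["pubkey"], proof["commitment"], proof["response"]
    if y != registered_pubkey or not 1 < t < p or not 0 <= s < q:
        return False
    c = challenge(p, g, y, t, proof["destination"], q)
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def demo():
    """Returns (honest proof accepted, hijacked destination accepted)."""
    group = make_group()
    mnemonic = "constructed demo phrase not a real wallet"   # constructed value
    x = secret_from_mnemonic(mnemonic, group[1])
    registered = pow(group[2], x, group[0])   # what the holding contract knows
    proof = prove_ownership(group, x, "addr_test1_demo_new_wallet")
    ok = verify_ownership(group, proof, registered)
    # Someone who observes the proof in the mempool and swaps the destination
    # gets a different challenge, so the same response no longer verifies.
    hijacked = dict(proof, destination="addr_test1_demo_attacker")
    return ok, verify_ownership(group, hijacked, registered)


if __name__ == "__main__":
    print(demo())
```

The check at the end of `demo()` is the point of the exercise: a redemption proof whose public inputs do not include the destination could be copied and re-submitted with a different payout address, so the destination must be part of what the verifier recomputes, whether the statement is proved with a Schnorr signature or with a Groth16 circuit.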
The happy accident of all of this is that it actually proves that you can do fairly sophisticated high-depth circuits on Cardano using the new primitives we have. The case size is 22, with almost four million parameters. It's a very large circuit to prove on Cardano at a constant size verification. Cardano has actually gotten a lot of really good zero-knowledge capabilities, and this is portable to any interface or wallet.
It's nice to know that Cardano has really moved forward and is able to do lots of interesting things. A lot of the tooling is working quite well. The unfortunate side, though, is that until an independent security audit comes through, we don't really know what would be a viable restoration or recovery path for users, at least from my perspective. If the keywords were compromised, then they would not be a good recovery mechanism. If the master path is compromised, that would not be a good path either. Until the corrupted library is examined thoroughly and a security auditor can determine the full root cause, we don't know.
There's also a difference between users who have been upgraded to Second Fi and new Second Fi users who have generated something within Second Fi, a new wallet. They may have different risk profiles, and there needs to be confirmation of what information was transmitted from a Yoroi/Second Fi user to Emurgo. Was it just logs about how people used the wallet, or was there any other information? For example, did an attacker inject a keylogger or anything else?
The best thing the white hat can do—and again, this is non-binding advice, just one man's personal opinion—is to try to find a path to get the funds into a holding contract that's multi-signature, just so that it can be very clear what is definitively stolen by the black hat versus what is available for redemption. That multi-signature contract should be under the governance of some sort of neutral party with clear rules about how redemption is going to work.
The challenge is that it's not clear if the end-user license agreement and best practices actually allow this type of white hat to occur, and under what legal authority the funds were removed. That's something I hope the people involved will address with the community because it may be difficult for a third party to take custody of those funds and redeem them if they don't have the legal authority to do so.
These are some of the uncomfortable questions that have to be resolved across this whole incident. Oftentimes, when you see these things happen, there are layers of issues that need to be addressed. One is the technological aspect—engineers, scientists, and math people like me get really excited about solving the problem. I spent the weekend thinking about zero-knowledge proofs and MPC ceremonies, getting the prover to work in WASM, and how we can layer this into a trusted execution environment so you can recover on a phone.
What would the smart contract look like on Cardano? How would the accounting work? How would a snapshot be put in? That's the hard technical problem. The resolution of that problem creates a system where somebody can rotate from their old wallet to a new wallet, get a new address, and vent out to it.
Unfortunately, that's just one problem thread, and there are a lot of engineers available—whether they be Sundae, Anastasia, or others—who get excited about solving that particular problem. Then you have other problems, like the legal problem, which is how does it work from the sweeping of assets to a white hat to somewhere else to the redemption? Where do those legal rights begin and end, and is it prudent for a class action or other things? That's another grouping of problems—the legal problem—and blockchain has very little to say about that unless the legality is embedded into the transaction itself.
That's an open problem and one of the reasons we created Midnight. If you take Midnight and pair it with things like the LCP protocol, which I'll show you, LCP is the legal context protocol, and it's a really cool idea. You can embed into the transactions a legal understanding, so it's a thin wrapper. There are a lot of really cool things inside the specification for it, but basically, this allows you to say, "Okay, this was the legal intent and the jurisdiction and the laws and dispute resolution behind what we're doing."
When one creates a wallet, for example, they can embed that understanding into the wallet. There are even companies like Integra and Ledger that are working on this right now. We've reached out to their CEO and others and said it would be really cool to start building these legal understandings and seeing how we can embed them into things. That would then solve the recovery problem from a legal perspective because even though there are non-custodial wallets, you can't give delegated authority saying if some event happens, best effort can be made, and here are the terms and conditions behind that. In the absence of it, it's any jurisdiction's game.
The third thing—and this is the hardest thing—let's say the recovery works and most people get their funds back, if not everybody. How can Emurgo be a trusted entity again? I've thought a lot about this. It's not good enough to say there was a bug because it isn't a bug. This is bad code that seems to have been deliberately added into the repo for some reason. There has to be an airing of grievances, an independent investigation into why this occurred, and the particular actors involved. What did they know? Why did they do it? That investigation has to be impartial and transparent.
There also has to be a broader question about the judgment of the principals of the organization. When you look at the principals of the organization, you have to ask yourself, "Okay, why did they do what they did?" They moved from open source to closed source, from community-created and audited code to code that did not have sufficient audit and oversight. They modified things that everybody was using and that were clearly good, like the generation of signatures. We all know how to do that, and that's a solved problem.
So, it calls into question the competence of the technical leadership and the judgment of why that product was constructed. When we acquired the NAMI wallet, this was not a non-controversial thing. The NAMI users had to be given a choice, and we maintained it for a while. We built a parallel construction of it, and then people had an option: they could either take their keywords and go somewhere else or upgrade to a Lace wallet once we discontinued the NAMI wallet. That's the best practice for a migration. You don't force migrate people from one experience to another because the social contract changes.
They went from open source to closed source, and at that threshold, there are different security properties. It doesn't seem wise to do what happened, and Emurgo has to come up with some path to redemption in the community as a whole. Ordinarily, I try to resolve these things behind closed doors and talk to them, but this is not an event that can be handled that way. It's a social event and a community-wide event.
It is not lost on me that this hack happened right when Leios came out. I've spent a decade of my life trying to build Leios and get it to market. We were super excited about the test net, and the entire narrative around Cardano should be, "Look, Leios is finally here. We solved the blockchain trilemma." Instead, no one's talking about Leios; they're talking about the Second Fi hack, which should have never happened and was entirely preventable by best practices.
The management there can't just say, "We're sorry," like BP, and have a South Park parody made. There has to be a real adult conversation about what the process is for this organization, if it's even possible, to come back into the good graces of the community. What concessions and commitments are going to be made, and what commitment to transparency is going to be made? If they can't make those commitments, or if they can't provide that, at least speaking on behalf of Input Output, there's no path forward for us in that relationship.
We're not saying people are criminals or that they maliciously did things. We're saying there are big open questions that go beyond just how to get people their money back. They go into the heart of how decisions are made and what this organization does, its role and function in the Pentad, on the Intersect board of directors, and in other places in the ecosystem. If they wish to be a good citizen, there have to be concessions and transparency made. It can't just be, "Trust us"; it has to be verified by independent third parties.
What I care about the most is the integrity of Cardano and that the lawful holders of assets are made whole. Second, I care about the Pentad structure and its integrity, and its ability as an executive function to do its mission in an honest and credible way. Third, we need to preserve and protect relationships and partnerships when they produce value for everybody. If a particular entity has to be cut off for the good of the ecosystem, if one and two require it, we will certainly do that at Input Output. That's always been the case and always will be the case. No one entity is above the ecosystem as a whole, and everyone is subject to oversight and transparency when and where it's demanded.
Another thing that is very important to me is standards across the board for all wallet builders in Cardano. I really believe we've reached a point of maturity in the ecosystem where all wallet builders have to work together on some basic principles. We reached this point with the node diversity workshops, where we brought the node builders together. We all agreed on some common principles, and it's been very fun to work with Blink Labs, Amaru, and other teams like Harmonic on this diversity. We've achieved a lot together, and we've all made each other better by agreeing to some common best practices and standards.
I have high confidence that as these diverse nodes come, they'll be as safe, within reason, as the Haskell node, which is a good thing for the ecosystem as a whole. The same needs to be done now for all wallet builders, and there needs to be some sharing of infrastructure and costs in future funding rounds to fund the wallets. Instead of funding the business operations of the wallets or general development, they should prioritize funding the satisfaction of those general standards. Thus, we have safety built in.
This idea of certified wallets, certified cryptographic libraries, verifiable software, SLSA compliance, and other best practices could include some next-generation concepts. For example, there's an emerging field of vibe coding called VibeSec. There are great companies working on it and producing tools, whether it be Checkmarx or others. This is building into your pipeline agents specifically for information security.
One of the things I built into that zero-knowledge library is a VibeSec agent, which has preloaded a collection of audit best practices for zero-knowledge proofs, multi-party computation protocols, and other concerns, especially for under-constrained circuits. It performs real-time checking as code is committed, ensuring that none of it violates those security invariants, which helps keep you out of trouble. Things like this would have likely discovered the attacks in the Second Fi wallet, and they're low-cost because they're completely automated and done by AI.
The wallet builders can come together and have a conversation about how to build some of those common practices because a lot of these are small teams. They're not well-funded, and they use vibe coding, which is fine, but let's try to build some things into the construction pipeline so that the obvious stuff doesn't come back to bite us.
Furthermore, the last thing is the consolidation of products, namely insurance products. I believe the industry has reached a point where we can start having an adult conversation about wallet insurance. Currently, you live in two worlds: non-custodial and custodial. If you're in the custodial world, there's some regulator of concern and some understanding of how much they're on the hook for if they get hacked. If you're in the non-custodial world, you lose all your money every time.
It's unfortunate, and we can't as an industry advocate for non-custodial solutions if any mistake leads to everything being gone, and then expect grandma and everyday people to come in. It's too high of a burden for ordinary adoption. So what do you do? You have a third option, which is insured non-custodial, where you can have access to your keys, but then there's a harness around it. If a defect in the software or some unforeseen issue occurs, there's some or all coverage as long as you're prepared and willing to pay a premium, like fire insurance, or share some cut of the action of what you're doing on-chain.
That can become an on-chain product as a real-world asset that pays a yield for people who provide the collateral to back up the wallets. I believe through partners that something like this could be developed, creating immeasurable safety for consumers. Then you can layer your defenses and say, "I have a certified wallet. We're following best practices. I'm following best practices, and I have an insurance policy on top of it."
You put these things in alongside good access control principles for how you treat your keyword backup. We were the first to bring PGP keyword paper wallets into play as well as multi-signature solutions. There's a ton of great things there and good recovery schemes. I think the probability of a catastrophic failure is incredibly low, and the vast majority of people can feel very comfortable about coming into the cryptocurrency space without these incidents affecting them.
The challenge is that typically there's a private side in addition to a public side for all these things, and that private side really does require careful thought. That's why we built Midnight and things like Midnight Passport to help you sort these dimensions out and get them where they need to be.
So, the TL;DR of the whole situation is that Intersect is doing a great job. The Security Council of Intersect is doing a great job. The board is doing a great job. The Midnight Foundation has been briefed and is examining what they can do. Fred at the Cardano Foundation has been briefed, and they're, of course, examining what they can do.
We're now at a fork in the road. The next step is unrestricted access to entities like the security auditors by the Security Council of Intersect and other assigns so that objective reality can be set. Once that has been established, we can try to completely ascertain the blast radius of the incident and see if it's strictly the signing keys or if other assets have been compromised. Once that's known, a recovery solution can be developed in a responsible, mature, and audited way.
I believe that the majority of claimants, if the white hat is indeed honest and deploys to the appropriate smart contract, can probably be redeemed in an automated way on-chain. That's my current belief based on my understanding. However, that's subject to change based on what the security auditors reveal. But that's only part of the solution. There's also a legal component and a component of the business processes that have to be cleared as first-class citizens before I think there's a path for Emurgo to return to entities like the Pentad and other historical duties they've had in the Cardano ecosystem.
At Input Output, we're trying our hardest to figure out as much as we can and obviously open source as much as we can. I try as hard as I can to provide updates and share as much information as I know. The things I know come from what we've been able to derive from public statements, source code, and blockchain forensics. Those are the roots of what we know.
I have not gotten any privileged access to any particular information. We've gotten as far as I think we can with the public information, which is why I think the next step is for the independent security auditor to begin providing briefings and information and responding to queries from the Security Council. The Security Council in Intersect is eminently qualified and has deep knowledge of the Cardano protocol. Some of them even build wallets, and as a consequence, their technical skills would be invaluable in ensuring that the