Altcoins

Ctrl Wallet to shut down weeks after June security exploit

Ctrl Wallet has announced it will shut down all services by Aug. 3, 2026, weeks after a June 23 security exploit hit its Cardano wallets, urging its 650,000 monthly users to withdraw assets immediately.

⏱ 2 min read Altcoins
Quick Summary
  • Ctrl Wallet will disable all functions on Aug. 3, 2026, following a June 23 security exploit affecting Cardano wallets on the platform.
  • Users must export assets before the deadline, with recovery phrases compatible with MetaMask, Trust Wallet, and Phantom.
  • The closure follows Ctrl Wallet's transition under Emurgo and a related June 24 exploit on SecondFi that drained an estimated 16 million ADA worth roughly $2.4 million.

Non-custodial multichain cryptocurrency wallet Ctrl Wallet has announced it will permanently close its services, just weeks after a security breach struck its Cardano wallets. Users have been given until Aug. 3, 2026, to withdraw their assets before all platform functions are disabled.

What triggered the shutdown

On June 23, Ctrl Wallet reported a security issue affecting some Cardano wallets on its platform. The team placed the service into a temporary ‘maintenance mode’ to protect user assets while its engineering staff worked to restore full functionality. The shutdown announcement followed shortly after.

In a blog post and social media update, the wallet’s operators confirmed that starting Aug. 3, 2026, sending, receiving, and swapping funds, along with all other in-app actions, will be completely unavailable. The only remaining function after that date will be the ability to export recovery phrases. The app will also be removed from both app stores and browser extension stores, with downloads halted immediately.

What users need to do now

Ahead of the Aug. 3 deadline, Ctrl Wallet ‘strongly’ recommended that users transfer their assets to another exchange or compatible crypto wallet. After the cutoff, the only option remaining will be to import a recovery phrase into another wallet provider.

Users can export 12-word or 24-word recovery phrases into compatible wallets including MetaMask, Trust Wallet, and Phantom. The team stressed there will be no migration token or airdrop tied to the closure, and warned users to be cautious of fake social media posts or websites promising such incentives.

Background: Emurgo acquisition and the SecondFi exploit

Ctrl Wallet, formerly known as XDEFI Wallet, listed between 11 and 50 employees and over 650,000 monthly users on its LinkedIn page. The wallet supported more than 2,500 blockchain networks, including Cardano and Midnight.

On April 29, Ctrl Wallet announced its transition under the Emurgo umbrella, stating that its multichain architecture would continue inside the SecondFi wallet. SecondFi is a self-custodial platform built on Cardano that rebranded from the Yoroi wallet in April 2026 and was developed by Emurgo, described as the ‘for-profit arm of Cardano.’

On June 24, a vulnerability in SecondFi allowed attackers to drain user funds, resulting in an estimated loss of approximately 16 million ADA, valued at roughly $2.4 million at the time. Days after the exploit, SecondFi revealed a recovery path to repay affected users across 374 impacted wallet addresses. The platform said it secured approximately 129 million ADA through emergency measures and transferred those funds to an independent third-party custodian, where they will remain until the verification and recovery process concludes.

⚖️ Our Verdict ⚖️ Watch and Wait

The permanent closure of a 650,000-user wallet weeks after a security exploit is a real blow to confidence in Cardano-adjacent wallet infrastructure, especially following the separate SecondFi drain of roughly $2.4 million in ADA. It is a narrow infrastructure setback rather than a broad directional move for the token, so the knock-on effect on Cardano ecosystem trust is the thing to watch.