The tweet was deleted by the author.
But we saved everything 🙂.
Non-custodial multichain wallet Ctrl Wallet is shutting down after a recent security incident. The project team warned users that they need to withdraw their assets within the next month.
Ctrl Wallet reported a security issue on June 23. The incident affected some Cardano wallets on the platform. At the time, the service temporarily entered maintenance mode to protect user funds until full functionality could be restored.
Now the wallet operator has announced that starting Aug. 3, 2026, sending, receiving and swapping funds, as well as any other actions in the app, will become unavailable. The only remaining tool will be the option to export seed phrases.
The app will be removed from app stores and browser extension stores, while new downloads will be halted immediately, according to a Ctrl Wallet blog post.
Until Aug. 3, users can transfer assets from Ctrl Wallet to another exchange or crypto wallet. After that date, they will only be able to import their seed phrase into another compatible wallet. Ctrl Wallet strongly recommends withdrawing assets before the deadline.
The project team clarified that users can export 12-word or 24-word seed phrases into compatible wallets, including MetaMask, Trust Wallet and Phantom.
Ctrl Wallet also warned that it will not issue a migration token and does not plan an airdrop. Users were urged to be careful with fake social media posts and websites promising such rewards.
Ctrl Wallet was previously known as XDEFI Wallet. According to the company’s LinkedIn page, it has between 11 and 50 employees and more than 650,000 monthly users. The wallet supported more than 2,500 blockchain networks, including Cardano and Midnight.
On April 29, Ctrl Wallet announced its transition under the Emurgo umbrella. At the time, the company said its multichain architecture would continue to operate inside the SecondFi wallet.
SecondFi is a non-custodial platform built on Cardano and developed by Emurgo, the commercial arm of Cardano. In April 2026, the project rebranded from Yoroi Wallet.
On June 24, a vulnerability in SecondFi allowed attackers to drain user funds. The estimated damage amounted to about 16 million ADA, worth roughly $2.4 million at the time.
A few days later, SecondFi presented a compensation plan for affected users. According to the project, the incident affected 374 addresses. The team also said it managed to secure about 129 million ADA through emergency measures and transferred these funds to an independent third-party custodian. They will remain there until the verification and recovery process is complete.
The Ctrl Wallet incident shows that even non-custodial online wallets do not protect users from all risks. Formally, such services do not hold assets directly and give users control over their seed phrase, but they still remain software products. If a vulnerability appears in an app, extension or infrastructure, users’ funds may be at risk.
That is why many investors use hardware wallets for the long-term storage of large amounts. Such devices store private keys offline and do not transfer them to a browser extension or mobile app. This reduces the risk of theft through an online wallet hack, malicious update, phishing website or infected device.
But a hardware wallet also does not cancel out basic security rules. Users still need to store their seed phrase securely, check addresses before sending funds and never enter a recovery phrase on websites or in apps. The main conclusion is simple: non-custodial access is important, but it does not mean full security. The larger the amount and the longer the storage period, the more sense cold storage makes.
As a reminder, the Aztec Connect vulnerability exposed risks linked to outdated DeFi contracts.