Ctrl Wallet shutting down August 3 after June security exploit

Editorial illustration for: Ctrl Wallet to shut down by August 3 following June security exploit

In brief

  • Ctrl Wallet reported June 23 security exploit affecting Cardano wallets, entering maintenance mode immediately.
  • Complete shutdown scheduled August 3, 2026; all sending, receiving, and swapping will be disabled.
  • Users must withdraw assets or export recovery phrases to MetaMask, Trust Wallet, or Phantom before deadline.
  • Platform supported 2,500+ blockchain networks and served 650,000+ monthly users before the exploit.
  • Ctrl Wallet's multichain architecture will continue through SecondFi, a self-custodial Cardano platform.

Shutdown timeline and user action

Starting August 3, all functions within the app will be unavailable, including sending, receiving, swapping funds, and other actions. The app will be removed from both app and browser extension stores immediately, with downloads halted. After the shutdown date, users can only import their recovery phrase into another compatible wallet provider.

Ctrl Wallet supported compatible wallets including MetaMask, Trust Wallet, and Phantom for recovery phrase imports, giving users multiple pathways to preserve access to their assets. The wallet itself supported over 2,500 blockchain networks, including Cardano and Midnight.

Warnings about fraudulent migration schemes are already circulating. Users were urged to exercise caution when encountering fake social media posts or websites promising migration tokens or airdrops, as Ctrl Wallet announced there will not be a migration token or airdrop event.

From Emurgo transition to closure

Ctrl Wallet announced its transition under the Emurgo umbrella on April 29, positioning itself as part of the for-profit arm of Cardano. The move was meant to strengthen the wallet's position in the ecosystem. Instead, the June 23 exploit accelerated the company's exit.

The wallet had over 650,000 monthly users and listed between 11 and 50 employees on LinkedIn before the shutdown announcement. Ctrl Wallet's multichain architecture will continue inside the SecondFi wallet, a self-custodial platform built on Cardano that rebranded from Yoroi wallet in April 2026 and is developed by Emurgo.

The SecondFi rebrand itself faced immediate trouble. A vulnerability in SecondFi on June 24 enabled attackers to drain user funds, resulting in an estimated loss of around 16 million ADA, then worth about $2.4 million. SecondFi revealed a recovery path to repay affected users across 374 impacted wallet addresses and secured approximately 129 million ADA through emergency measures, transferring the funds to an independent third-party custodian.

Frequently asked questions

What happened to Ctrl Wallet?

Ctrl Wallet reported a security exploit on June 23 affecting some Cardano wallets. The company entered maintenance mode to protect assets and announced it will shut down completely on August 3, 2026. Users must withdraw their assets or export recovery phrases before that date.

How can I recover my funds from Ctrl Wallet?

After August 3, you can import your 12-word or 24-word recovery phrase into compatible wallet providers including MetaMask, Trust Wallet, and Phantom. Export your recovery phrase before the shutdown date to ensure access to your assets.

Will there be a migration token or airdrop?

No. Ctrl Wallet announced there will not be a migration token or airdrop event. Users should exercise caution when encountering fake social media posts or websites promising similar incentives, as these are likely scams.