Ctrl Wallet announced Tuesday it will permanently shut down operations following a security breach that compromised Cardano wallets on its platform. The non-custodial multichain cryptocurrency wallet is giving users until August 3, 2026, to withdraw their digital assets before all core functions are disabled.
The security incident occurred on June 23, 2024, when the wallet detected unauthorized access affecting some Cardano wallets. In response, Ctrl Wallet immediately entered a temporary maintenance mode to protect user assets while its engineering team investigated the breach and worked to restore full functionality. The company did not disclose the number of affected wallets or the total value of compromised assets.
As a non-custodial wallet, Ctrl Wallet does not hold users' private keys, meaning users maintain control of their cryptocurrency. However, the security exploit appears to have been severe enough to prompt the company to cease operations entirely rather than attempt to rebuild trust and continue services. The technical details of the exploit have not been publicly disclosed.
Starting August 3, 2026, users will lose the ability to send, receive, or swap funds through the Ctrl Wallet application. All standard wallet operations will be disabled at that time. The only function that will remain available is the ability to export recovery phrases, which users need to access their funds through alternative wallet applications.
Users are strongly advised to withdraw their assets and export their recovery phrases before the August deadline. Those who fail to act before August 3, 2026, will need to use their recovery phrases to restore their wallets in alternative applications that support the same blockchain networks. The shutdown highlights ongoing security challenges facing cryptocurrency wallet providers and the importance of users maintaining backup access to their recovery phrases.
Source: https://cointelegraph.com/news/ctrl-wallet-shutdown-security-exploit?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound


