Midnight Reopens NIGHT Redemption Portal After Cardano Wallet Security Incident
Midnight has reopened its NIGHT token redemption portal after temporarily suspending redemptions in response to the security incident involving a subset of Cardano wallets associated with SecondFi.
The portal resumed operations on July 9, 2026, at 17:00 UTC, according to an official Midnight announcement. The pause was introduced as a precaution while the team evaluated whether continuing Glacier Drop redemptions could create additional risk for affected wallet holders.
The important distinction: Midnight did not report a compromise of the Cardano blockchain, the Midnight network, NIGHT allocations, or the NIGHT token supply. The concern involved the security of certain wallet credentials associated with separate wallet software.
Why Midnight Suspended Redemptions
NIGHT redemption requires a participant to demonstrate control of an eligible address and direct an unlocked allocation to a destination wallet. If the credentials controlling an eligible address have been exposed, an attacker may be able to act before the legitimate owner.
Midnight therefore paused the portal after reports of the SecondFi incident emerged. The purpose was to avoid creating a narrow window in which potentially compromised credentials could be used during a time-sensitive redemption process.
This was a risk-management decision, not evidence that Midnight's distribution ledger had been altered. The Cardano network continued producing blocks, validating transactions and securing delegated stake normally.
What Reopening the Portal Actually Means
Reopening means Midnight has determined that the redemption service can resume. It does not provide a universal guarantee that every individual wallet is secure.
Users must separate two questions:
- Is the official NIGHT redemption service operating again?
- Are the private credentials of my particular wallet still secure?
The answer to the first question is yes. The second depends on how the wallet was created, whether its recovery phrase was exposed, and whether unauthorized activity has appeared.
Who Should Exercise Additional Caution?
Additional review is particularly important for users who:
- Created an eligible wallet using software identified in the SecondFi investigation.
- Imported a recovery phrase into an application whose security they can no longer verify.
- Have detected an outgoing transaction they did not authorize.
- Used the same recovery phrase across multiple applications or devices.
- Entered wallet credentials into a website claiming to provide NIGHT support.
- Received unsolicited recovery or redemption messages through social media.
Simply opening a wallet through a particular interface does not always mean that the application generated or controlled its keys. A hardware wallet that keeps keys inside the device presents a different risk profile from a software-generated wallet. Users should rely on current technical guidance rather than treating every case as identical.
Were NIGHT Tokens or Allocations Compromised?
Midnight's reopening announcement did not state that NIGHT allocations, distribution records or protocol-level balances had been compromised. The incident that triggered the pause concerned certain Cardano wallets associated with SecondFi.
However, an accurate allocation record cannot protect a user if someone else controls the corresponding private key. Blockchain systems correctly follow valid cryptographic signatures; they cannot independently determine whether the signer is the original owner or an attacker using stolen credentials.
Wallet Security and Stake Pool Verification Are Different
A secure wallet protects control of your ADA, while an actively maintained stake pool supports reliable participation in Cardano's staking system. Evaluating both helps users make better long-term decisions.
Blockiy reviews public pool information, activity and operational readiness to help delegators discover professionally managed options.
Explore Verified Cardano Stake PoolsHow NIGHT Thawing Affects Redemption
NIGHT allocations are not necessarily released at once. Midnight's published guide describes a 360-day thawing period in which allocations generally become available in four portions of 25 percent.
Each participant follows an assigned schedule. One user may receive an initial thaw earlier than another, while later portions generally become available at roughly 90-day intervals.
The portal may therefore display several different figures:
- Total NIGHT allocation.
- Amount already redeemed.
- Amount redeemable now.
- Amount still frozen for later thaws.
- Date of the next scheduled thaw.
Seeing an allocation does not mean all of it is immediately transferable. A user allocated 20,000 NIGHT may initially be able to redeem only 5,000 NIGHT if one quarter has thawed.
What Users Should Verify Before Redeeming
Use the official Midnight domain
Distribution events attract phishing websites. Users should navigate from Midnight's official website rather than trusting advertisements, social-media replies, direct messages or unsolicited emails.
Check the destination network and address
The destination must use the address format supported by the portal. Users should compare the beginning and ending characters after pasting because clipboard malware can replace cryptocurrency addresses.
Read every signature request
A wallet connection does not automatically make a website safe. Before signing, users should examine the requesting domain, assets being moved, destination address and displayed purpose.
Never disclose a recovery phrase
A normal wallet connection can prove address control without revealing the recovery phrase. Any person or website asking for the phrase should be treated as hostile.
Understanding the NoRedeemableThaws Error
Some users have reported an HTTP 400 response or a NoRedeemableThaws message. In general, this indicates that the backend does not currently recognize an unlocked portion available for redemption.
Possible explanations include a future thaw date, an already processed redemption, stale session data, a pending transaction or a temporary inconsistency between the interface and backend.
Users should check the next thaw date, reconnect the correct wallet, review transaction history and consult official support documentation. They should not repeatedly sign unexplained requests or submit a recovery phrase to resolve the error.
Does Reopening Mean the SecondFi Incident Is Over?
No. It means the separate Midnight redemption service has resumed. Investigation, remediation and recovery relating to affected SecondFi wallets may continue independently.
A user who believes a recovery phrase has been compromised should create a completely new wallet with a new phrase and follow verified security guidance. Importing the same phrase into another wallet application does not change the underlying keys.
Key Dates and What Happens Next
Midnight's official guide states that the 360-day thawing period is scheduled to end on December 4, 2026, followed by a 90-day grace period for final claims. Individual users should rely on the current schedule displayed by the official portal and confirm deadlines against updated Midnight documentation.
The safest response is not to rush. Users should confirm their wallet's security, verify the full destination address and understand the signing request before completing any redemption.
Final Thoughts
The reopening of the NIGHT redemption portal restores access to an important stage of the Glacier Drop distribution. It also demonstrates why users must distinguish between blockchain security, wallet security and application security.
Cardano and Midnight can continue operating correctly while an individual wallet remains unsafe. Protecting digital assets therefore depends on both secure protocols and careful user practices.
Use official links, never expose a recovery phrase, verify the destination address and do not approve any transaction you cannot clearly understand.
