The assault affected 64,000 token holders and marked one other main victory for state-sponsored cybercriminals.
The cryptocurrency world witnessed another attack on September 23, 2025, when North Korean hackers focused Seedify’s cross-chain bridge, stealing $1.2 million and inflicting the SFUND token to crash 99% in minutes.
The Assault Unfolds
At 12:05 UTC on September 23, hackers linked to North Korea’s “Contagious Interview” group gained entry to a Seedify developer’s personal keys. Utilizing these stolen credentials, they exploited a vulnerability within the platform’s cross-chain bridge contract on Avalanche. The hackers then minted huge quantities of unauthorized SFUND tokens and rapidly moved them throughout a number of blockchain networks.
Supply: @SeedifyFund
The attackers unfold their stolen tokens throughout Ethereum, Arbitrum, and Base networks earlier than changing many of the funds on BNB Chain. This coordinated method allowed them to empty liquidity swimming pools and maximize their earnings whereas devastating the token’s value.
Seedify founder Levent Cem Aydan, referred to as Meta Alchemist, expressed his frustration on social media: “DPRK/Lazarus determined to take the whole lot we constructed over 4.5 years in a single hack.” The assault focused bridge contracts that had beforehand handed safety audits from trusted companies, making the breach significantly regarding for the DeFi group.
Token Value Collapses
SFUND skilled one of the vital dramatic value crashes in current crypto historical past. The token plummeted from $0.43 to just about nugatory inside minutes – a staggering 99.99% drop. Buying and selling quantity spiked as panicked buyers tried to exit their positions.
The crash hit particular person buyers exhausting. One investor with the deal with @0xAbhiP publicly shared his losses, stating he had invested six figures in January and watched his holdings turn out to be just about nugatory. His expertise mirrored the ache felt by 1000’s of different SFUND holders who noticed their investments evaporate.
Following preliminary restoration efforts by the Seedify group, the token stabilized round $0.21 earlier than progressively climbing to roughly $0.28. Nonetheless, this nonetheless represents a large decline from the $2.34 value the token held only one month earlier than the assault.
Attribution to North Korean Hackers
Blockchain investigator ZachXBT rapidly linked the assault to North Korean state-sponsored hackers by way of on-chain evaluation. The theft addresses related to earlier “Contagious Interview” incidents, a marketing campaign that has already claimed over 230 victims this 12 months.
Supply: @meta_alchemist
This attribution is important as a result of it factors to the Contagious Interview group relatively than the extra well-known Lazarus Group. Safety specialists counsel this means one other ring of North Korean cybercriminals could also be increasing their operations and changing into extra aggressive in focusing on crypto platforms.
North Korean hackers have intensified their assaults on the cryptocurrency sector all through 2024 and 2025. With identified DPRK-related losses already totaling $1.three billion in 2024, this assault contributes to what analysts name their most profitable 12 months up to now.
The hackers’ strategies have turn out to be more and more subtle. They now infiltrate crypto firms by way of faux job functions, fraudulent interviews, and worker bribery – techniques that make conventional safety measures much less efficient.
Trade Response and Restoration
Seedify moved rapidly to include the injury. The group coordinated with main cryptocurrency exchanges to halt SFUND buying and selling and blacklisted the attackers’ pockets addresses throughout a number of blockchain networks. In addition they quickly disabled all cross-chain bridges to forestall additional exploitation.
Binance founder Changpeng Zhao confirmed that safety specialists helped freeze $200,000 at HTX trade, although most stolen funds stay on blockchain networks. Main exchanges have now blacklisted the addresses related to this assault.
Meta Alchemist supplied blockchain sleuth ZachXBT a considerable bounty to assist monitor the attackers and get better stolen funds. The collaboration between Seedify and blockchain investigators highlights how the crypto group more and more depends on specialised specialists to fight subtle assaults.
The broader crypto business has taken discover. Crypto hacks in 2024 have already reached $2.2 billion, with North Korean teams chargeable for a good portion of those losses. This newest assault reinforces considerations about cross-chain bridge safety and the necessity for higher safety measures.
Safety Implications for DeFi
The Seedify hack exposes important vulnerabilities in cross-chain bridge infrastructure. Regardless of passing safety audits from respected companies, the bridge contract contained flaws that allowed unauthorized token minting. This revelation raises questions on present auditing practices and whether or not they adequately shield towards subtle state-sponsored assaults.
Cross-chain bridges have turn out to be frequent targets as a result of they maintain giant quantities of cryptocurrency and sometimes have complicated code that may include hidden vulnerabilities. The Seedify assault follows a sample of bridge exploits which have price the DeFi sector billions of {dollars}.
Safety specialists advocate that DeFi platforms implement multi-signature controls, monitor on-chain exercise extra intently, and put together incident response plans. The aggressive strain to launch rapidly usually conflicts with thorough safety testing, creating alternatives for attackers.
The assault additionally demonstrates how North Korean hackers have tailored to focus on essentially the most susceptible elements of the crypto ecosystem. Their focus has shifted from direct trade hacks to exploiting DeFi protocols and cross-chain infrastructure the place safety practices could also be much less mature.
The Highway Forward
The group acknowledged that core contracts, person wallets, and the underlying protocol stay safe, although the bridge exploit broken investor confidence considerably.
The platform continues working its Web3 incubator and launchpad providers whereas working to rebuild belief with its group. Nonetheless, the huge token value decline will seemingly have lasting results on the challenge’s capability to draw new investments and partnerships.
Sven Luiv Sven Luiv Read More
