2 hours ago
4 
The cryptocurrency world witnessed another attack on September 23, 2025, when North Korean hackers targeted Seedify’s cross-chain bridge, stealing $1.2 million and causing the SFUND token to crash 99% in minutes.
The Attack Unfolds
At 12:05 UTC on September 23, hackers linked to North Korea’s “Contagious Interview” group gained access to a Seedify developer’s private keys. Using these stolen credentials, they exploited a vulnerability in the platform’s cross-chain bridge contract on Avalanche. The hackers then minted massive amounts of unauthorized SFUND tokens and quickly moved them across multiple blockchain networks.
Source: @SeedifyFund
The attackers spread their stolen tokens across Ethereum, Arbitrum, and Base networks before converting most of the funds on BNB Chain. This coordinated approach allowed them to drain liquidity pools and maximize their profits while devastating the token’s price.
Seedify founder Levent Cem Aydan, known as Meta Alchemist, expressed his frustration on social media: “DPRK/Lazarus decided to take everything we built over 4.5 years in one hack.” The attack targeted bridge contracts that had previously passed security audits from trusted firms, making the breach particularly concerning for the DeFi community.
Token Price Collapses
SFUND experienced one of the most dramatic price crashes in recent crypto history. The token plummeted from $0.43 to nearly worthless within minutes – a staggering 99.99% drop. Trading volume spiked as panicked investors tried to exit their positions.
The crash hit individual investors hard. One investor with the handle @0xAbhiP publicly shared his losses, stating he had invested six figures in January and watched his holdings become virtually worthless. His experience reflected the pain felt by thousands of other SFUND holders who saw their investments evaporate.
Following initial recovery efforts by the Seedify team, the token stabilized around $0.21 before gradually climbing to approximately $0.28. However, this still represents a massive decline from the $2.34 price the token held just one month before the attack.
Attribution to North Korean Hackers
Blockchain investigator ZachXBT quickly linked the attack to North Korean state-sponsored hackers through on-chain analysis. The theft addresses connected to previous “Contagious Interview” incidents, a campaign that has already claimed over 230 victims this year.
Source: @meta_alchemist
This attribution is significant because it points to the Contagious Interview group rather than the more famous Lazarus Group. Security experts suggest this indicates another ring of North Korean cybercriminals may be expanding their operations and becoming more aggressive in targeting crypto platforms.
North Korean hackers have intensified their attacks on the cryptocurrency sector throughout 2024 and 2025. With known DPRK-related losses already totaling $1.3 billion in 2024, this attack contributes to what analysts call their most successful year to date.
The hackers’ methods have become increasingly sophisticated. They now infiltrate crypto companies through fake job applications, fraudulent interviews, and employee bribery – tactics that make traditional security measures less effective.
Industry Response and Recovery
Seedify moved quickly to contain the damage. The team coordinated with major cryptocurrency exchanges to halt SFUND trading and blacklisted the attackers’ wallet addresses across multiple blockchain networks. They also temporarily disabled all cross-chain bridges to prevent further exploitation.
Binance founder Changpeng Zhao confirmed that security experts helped freeze $200,000 at HTX exchange, though most stolen funds remain on blockchain networks. Major exchanges have now blacklisted the addresses connected to this attack.
Meta Alchemist offered blockchain sleuth ZachXBT a substantial bounty to help track the attackers and recover stolen funds. The collaboration between Seedify and blockchain investigators highlights how the crypto community increasingly relies on specialized experts to combat sophisticated attacks.
The broader crypto industry has taken notice. Crypto hacks in 2024 have already reached $2.2 billion, with North Korean groups responsible for a significant portion of these losses. This latest attack reinforces concerns about cross-chain bridge security and the need for better protection measures.
Security Implications for DeFi
The Seedify hack exposes critical vulnerabilities in cross-chain bridge infrastructure. Despite passing security audits from reputable firms, the bridge contract contained flaws that allowed unauthorized token minting. This revelation raises questions about current auditing practices and whether they adequately protect against sophisticated state-sponsored attacks.
Cross-chain bridges have become frequent targets because they hold large amounts of cryptocurrency and often have complex code that can contain hidden vulnerabilities. The Seedify attack follows a pattern of bridge exploits that have cost the DeFi sector billions of dollars.
Security experts recommend that DeFi platforms implement multi-signature controls, monitor on-chain activity more closely, and prepare incident response plans. The competitive pressure to launch quickly often conflicts with thorough security testing, creating opportunities for attackers.
The attack also demonstrates how North Korean hackers have adapted to target the most vulnerable parts of the crypto ecosystem. Their focus has shifted from direct exchange hacks to exploiting DeFi protocols and cross-chain infrastructure where security practices may be less mature.
The Road Ahead
The team stated that core contracts, user wallets, and the underlying protocol remain secure, though the bridge exploit damaged investor confidence significantly.
The platform continues operating its Web3 incubator and launchpad services while working to rebuild trust with its community. However, the massive token price decline will likely have lasting effects on the project’s ability to attract new investments and partnerships.
Bengali (Bangladesh) · 
English (United States) ·