North Korean Hackers Expose DeFi's Cross-Chain Bridge Vulnerabilities
Aime Summary
Source: [1] Seedify’s Token Dropped Nearly 60% After Suspected … (https://finance.yahoo.com/news/seedify-token-dropped-nearly-60-161434570.html)
[2] SFUND Crashes 99% as North Korean Hackers Drain $1.2M (https://cryptonews.com/news/sfund-token-crashes-99-as-north-korean-hackers-drain-1-2m-from-seedify-bridge/)
[3] North Korean Hackers Steal $1.2M from Seedify, SFUND Token … (https://cryptodataspace.com/north-korean-hackers-steal-1-2m-from-seedify-sfund-token-plummets-35/)
[4] Seedify Bridge Suffers $1.2M Hack, $SFUND Crashes Nearly 60% (https://web.ourcryptotalk.com/news/seedify-bridge-hacked-for-1-million)
[5] Seedify SFUND Crash: DPRK Hack Exposes Crypto Risks (https://capwolf.com/seedify-sfund-crash-dprk-hack-exposes-crypto-risks/)
---
The SFUND token, native to Web3 incubator Seedify, plummeted 99% following a $1.2 million theft from its cross-chain bridge, attributed to a North Korean-affiliated hacking group. The breach, confirmed by Seedify on September 23, 2025, exploited compromised private keys to mint unauthorized tokens on AvalancheAVAX--, EthereumETH--, and other chains, draining liquidity pools and triggering a flash crash. Blockchain sleuth ZachXBT identified the attackers as part of the “Contagious Interview” group, a lesser-known North Korean outfit distinct from the more infamous Lazarus Group.
The hack bypassed prior smart contract audits by leveraging stolen credentials to manipulate bridge settings, enabling the minting of unpegged tokens. Seedify halted all cross-chain bridges and blacklisted attacker wallets, while urging users to revoke token approvals. Despite these measures, the token’s price briefly hit $0.00005504 before rebounding to $0.28, still down 78% from its $2.34 peak a month earlier. Over 64,000 holders were affected, with the founder, Levent Cem Aydan, stating the attack targeted four years of work built without venture capital funding.
Seedify’s response included a $1.2 million bounty for information, collaboration with cybersecurity firm Zero Shadow, and outreach to Binance CEO Changpeng Zhao (CZ) to freeze stolen assets on BNBBNB-- Chain. CZ noted hackers increasingly infiltrate crypto firms via fake job applications and vendor bribes. The stolen funds, now concentrated on BNB Chain, remain unliquidated, with Seedify warning against purchasing tokens on compromised chains.
The incident highlights growing North Korean cyber threats to DeFi infrastructure. Contagious Interview, linked to over 230 victims this year, joins Lazarus Group as a state-sponsored actor exploiting crypto vulnerabilities. Lazarus, responsible for $3–6 billion in thefts since 2017, recently targeted Bybit ($1.5 billion) and CoinDCX ($44 million). Seedify’s breach underscores the fragility of cross-chain bridges, even when audited, as private key compromises can bypass technical safeguards.
Market analysts emphasize the need for multi-signature approvals and real-time on-chain monitoring. Seedify’s founder remains resolute, vowing to rebuild trust through transparency and security upgrades. Meanwhile, the broader crypto sector faces a reckoning with North Korean actors, whose tactics evolve to exploit regulatory gaps and human vulnerabilities. As DeFi adoption grows, so does the imperative for robust infrastructure and collaborative threat intelligence to mitigate such attacks.
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
Comments
No comments yet