Stolen Keys Expose DeFi's Critical Flaw as DPRK Hackers Strike Again

Generated by AI Agent Coin World
Wednesday, Sep 24, 2025 11:20 am ET
Aime Summary

- Seedify's $SFUND token crashed 99.99% after DPRK hackers exploited a cross-chain bridge vulnerability, draining $1.2M in liquidity across Ethereum, Arbitrum, and Base.

- Attackers used a stolen developer key to mint tokens on BNB Chain, with 64,000 holders losing value as prices fell from $0.43 to near zero before partial recovery.

- Seedify halted trading, blacklisted addresses, and disabled bridges, but experts highlight DeFi's critical flaws in key management and real-time monitoring protocols.

- DPRK-linked "Contagious Interview" hackers, operating via Slack/Validin teams, have stolen $2.8B in 2024-2025, leveraging automated tools to evade detection and launder funds.

- Binance froze $200K of stolen assets, but experts urge multi-signature approvals and institutional collaboration to address persistent threats from state-sponsored cybercrime.

Seedify’s $SFUND token suffered a catastrophic 99.99% price drop following a $1.2 million exploit attributed to a DPRK-affiliated hacking group, exposing vulnerabilities in cross-chain bridge infrastructure and sparking renewed scrutiny of Web3 security protocols. The attack, which unfolded on September 23, 2025, involved the unauthorized minting of $SFUND tokens via a compromised bridge contract on the BNB Chain, enabling hackers to drain liquidity pools across Ethereum, Arbitrum, and Base networks before converting proceeds on BNB Chain. The breach, confirmed by Seedify’s founder Meta Alchemist in a public statement, exploited a developer’s stolen private key, allowing the attackers to bypass safeguards in a contract that had previously passed security audits.

The exploit affected approximately 64,000 token holders, with SFUND’s value plummeting from $0.43 to near zero within minutes before partially recovering to $0.21. Seedify swiftly halted trading on centralized exchanges, blacklisted malicious addresses, and disabled cross-chain bridges to mitigate further losses. The team also revoked compromised permissions and emphasized that liquidity on BNB Chain was no longer at risk. Despite these measures, the incident has raised questions about the adequacy of current security practices in decentralized finance (DeFi). Hakan Unal, Senior SOC Lead at Cyvers, noted the critical need for multi-signature approvals and real-time on-chain monitoring to prevent similar attacks.

Blockchain sleuth ZachXBT linked the breach to the DPRK’s “Contagious Interview” campaign, a series of attacks that have affected over 230 victims this year. The group’s modus operandi involves rapid exploitation of infrastructure vulnerabilities, often leveraging stolen credentials and automated tools to obscure transaction trails. Binance CEO Changpeng Zhao (CZ) reported that security teams had frozen $200,000 of the stolen funds at HTX exchange, though the rest of the assets remained on-chain. SentinelLABS highlighted the DPRK’s coordinated approach, with hackers operating in real-time teams using platforms like Slack and Validin to monitor infrastructure exposure.

The attack underscores the growing threat posed by state-sponsored cybercriminals in the crypto space. Chainalysis’ 2025 mid-year report revealed that DPRK-linked groups have stolen over $2.8 billion in 2024 and 2025 combined, including a $1.5 billion heist on ByBit earlier this year. Experts attribute this success to North Korea’s strategic focus on cryptocurrency as a funding mechanism for military development, with Lazarus Group specializing in high-impact, low-detectability attacks. Dr. Tom Robinson of Elliptic noted that the regime’s operations are “nearly 24/7,” with automated tools and experienced teams working in shifts to launder funds.

Seedify’s founder has publicly appealed for assistance in tracking the hackers, including offering bounties to blockchain investigators. The incident has also prompted broader calls for enhanced security standards in DeFi protocols. Analysts emphasize that while audits are a critical step, they are not infallible, and projects must prioritize proactive measures such as multi-layered key management and real-time threat detection. The $SFUND crash serves as a stark reminder of the fragility of cross-chain systems, which remain a prime target for adversaries seeking to exploit trust in decentralized infrastructure.

As the crypto community grapples with the fallout, the incident highlights the urgent need for institutional collaboration and regulatory clarity. With DPRK-linked attacks projected to remain a significant threat, investors and developers alike must adopt a more cautious approach to project due diligence, emphasizing security over speed in the race to innovate.
