North Korean Cybercriminals Strike Again, Exploit Seedify Bridge and Tank SFUND
North Korean state-affiliated hacker groups have struck again in the DeFi sector, targeting Web3 gaming incubator Seedify Fund’s token bridge infrastructure and stealing $1.2 million, while sending the platform’s native token SFUND tumbling across multiple exchanges.
Exploit Details: Cross-Chain Bridge Vulnerability
The attack on Tuesday exploited Seedify’s cross-chain bridge on BNB Chain, enabling hackers to mint unauthorized tokens and drain liquidity pools across Ethereum, Arbitrum, and Base networks. Seedify confirmed that proceeds were later converted on BNB Chain. Blockchain researcher ZachXBT linked the breach to prior DPRK-related “Contagious Interview” incidents, which have affected over 230 victims earlier this year, according to SentinelLABS intelligence.
SFUND plunged nearly 35% in 24 hours, falling from $0.42 to $0.28, as Seedify founder Meta Alchemist lamented on Twitter: “DPRK/Lazarus decided to take everything we built over 4.5 years in one hack.”
Security experts highlighted that the hack stemmed from a compromised developer key, allowing DPRK-linked actors to mint tokens through a bridge contract that should not have permitted such actions. Hakan Unal, Senior SOC Lead at Cyvers, emphasized the importance of monitoring on-chain activity and enforcing multi-signature approvals to prevent similar incidents.
Industry Response and Ongoing DPRK Threat
The crypto community responded swiftly, with Binance CEO Changpeng Zhao noting that security teams helped freeze $200,000 at HTX exchange, while the remainder remained on-chain. SentinelLABS described DPRK hackers as operating in coordinated teams with real-time collaboration, leveraging tools like Slack, Validin, and VirusTotal to monitor infrastructure exposure.
Despite aggressive operations, DPRK hackers reportedly avoid systematic security improvements, instead rapidly deploying new infrastructure when disrupted. With 2024 losses totaling $1.3 billion and the ByBit hack adding $1.5 billion, DPRK-linked attacks have made 2025 the most successful year to date for North Korean cybercriminals, according to Chainalysis’ 2025 Crypto Crime Mid-Year Update.
This latest breach underscores the persistent and sophisticated threat North Korean hacker groups pose to the DeFi and Web3 ecosystem, highlighting vulnerabilities in token bridge protocols and the need for robust security measures.
