Stolen Keys Reveal Major Vulnerability in DeFi as North Korean Hackers Launch Another Attack

Seedify’s $SFUND token experienced an unprecedented 99.99% collapse in value after a $1.2 million exploit, which has been linked to a hacking group associated with North Korea. This incident exposed significant weaknesses in cross-chain bridge security and reignited concerns about the robustness of Web3 security measures. The breach, which took place on September 23, 2025, saw attackers mint unauthorized $SFUND tokens by exploiting a compromised bridge contract on the

Chain. This allowed the perpetrators to siphon liquidity from pools on , , and Base networks, before converting the stolen assets on BNB Chain. Seedify’s founder, Meta Alchemist, confirmed the exploit in a public address, revealing that the attackers used a developer’s stolen private key to bypass protections in a contract that had previously passed security checks.

The attack impacted roughly 64,000 holders, with the price of SFUND plunging from $0.43 to nearly zero in a matter of minutes, before partially rebounding to $0.21. In response, Seedify quickly suspended trading on centralized exchanges, blacklisted the addresses involved, and shut down cross-chain bridges to prevent further damage. The team also revoked compromised permissions and assured the community that BNB Chain liquidity was now secure. Despite these actions, the event has cast doubt on the effectiveness of current DeFi security protocols. Hakan Unal, Senior SOC Lead at Cyvers, stressed the importance of implementing multi-signature controls and continuous on-chain surveillance to guard against similar breaches.

Blockchain investigator ZachXBT traced the exploit to the DPRK’s “Contagious Interview” operation, a campaign that has targeted over 230 victims this year. The group is known for swiftly exploiting infrastructure flaws, frequently using stolen credentials and automated methods to conceal their tracks. Binance CEO Changpeng Zhao (CZ) stated that security teams managed to freeze $200,000 of the stolen funds at HTX exchange, but the majority of the assets remained on-chain. SentinelLABS reported that the DPRK’s operations are highly coordinated, with hackers working in real-time teams and utilizing platforms like Slack and Validin to monitor for vulnerabilities.

This breach highlights the escalating risk posed by state-backed cybercriminals in the digital asset sector. According to Chainalysis’ mid-2025 report, groups linked to North Korea have stolen more than $2.8 billion across 2024 and 2025, including a $1.5 billion theft from ByBit earlier this year. Experts attribute these successes to North Korea’s deliberate strategy of using cryptocurrency theft to fund military initiatives, with the Lazarus Group specializing in stealthy, large-scale attacks. Dr. Tom Robinson from Elliptic observed that these operations run almost non-stop, with skilled teams and automated systems working in shifts to move illicit funds.

Seedify’s founder has made a public appeal for help in identifying the attackers, offering rewards to blockchain analysts. The incident has also led to wider calls for stronger security standards in DeFi. Analysts point out that while audits are essential, they are not foolproof, and projects must adopt proactive defenses such as layered key management and real-time threat monitoring. The $SFUND incident is a stark warning of the vulnerabilities inherent in cross-chain systems, which continue to be attractive targets for those seeking to exploit trust in decentralized networks.

As the crypto sector deals with the aftermath, this event underscores the pressing need for greater cooperation across the industry and clearer regulatory guidelines. With attacks linked to North Korea expected to persist, both investors and developers are urged to prioritize security and thorough due diligence over rapid innovation.