This week, attackers took advantage of the SFUND bridge in Seedify, which resulted in losses of approximately $1.7 million across different chains. Binance founder Changpeng Zhao confirmed that $200,000 of the money involved in the attack had been frozen on HTX. Meta Alchemist, the project’s partner, said the attackers drained funds through its OFT bridge contract. The majority of losses were on the BNB Chain , where more than $1.2 million is still controlled by the attackers, which directly affects close to 64,000 holders. Hi @cz_binance a few hours ago our bridge/oft contract got hacked, and hackers transferred minted tokens onto many chains, including BNB, where they sold most of the $SFUND tokens. Currently they hold more than $1.2M in BNBchain: 0x14181636dd5BC8C6b8b47F8D0fd1b1e351B84bE4 A lot… — Meta Alchemist (@meta_alchemist) September 23, 2025 In response , Zhao said major exchanges blacklisted addresses associated with the incident. He said the breach may be traced back to cyber units in North Korea, a suspicion supported by overlapping addresses linked to previous DPRK-related exploitation. CZ noted, “Talked to a few security guys in the industry. I believe they were able to help track it and froze $200k at HTX; the rest seem to remain on-chain. Looks like North Korea DPRK. Major CEXs probably have these addresses on blacklists now. Good luck!” Seedify’s security response and audit concerns Seedify acknowledged the exploit was from compromised developer keys. At around 12:05 UTC, the attackers unlocked the Avalanche bridge contract and changed permissions to be able to mint unauthorized SFUND tokens. The project highlighted that the contract was submitted to an audit by a well-known company, further highlighting the breach’s sophistication. In spite of this, billions of fake tokens were minted and exchanged for assets such as BNB and ETH. To mitigate the loss, Seedify hacked down all of the cross-chain bridges, revoked permissions, and liaised with centralized exchanges to freeze associated trading. The team guaranteed that the liquidity on BNB Chain is no longer at stake. The SFUND token dropped to almost 60%, briefly touching $0.05 before returning to $0.245. After the rebound, the token realized a 42% loss per day, and monthly and year-to-year losses have now increased to 50% and 80%, respectively. The fall in prices left numerous holders with huge financial losses. Other residents in the community were lamenting, and others tagged blockchain investigators like ZachXBT to trace the stolen money. The co-founder of Seedify promised a bounty to encourage investigators to monitor the hackers. North Korea’s ongoing cyber footprint Analysts and blockchain investigators have increasingly linked state-sponsored activities of North Korean groups to major hacks. The Lazarus Group is the infamous cyber unit of the DPRK, reportedly involved in attacks like the Ronin bridge exploit worth over $620 million in 2022. The SFUND hack evidence indicates that addresses intersect with wallets belonging to Serenity Shield and other historical attacks, which were described as organized by DPRK groups. On-chain data shows stolen funds are transferred using addresses that had been used in previous cybercrime incidents. Reportedly, hackers had stolen as much as $8.8 million, seemingly an exaggeration. Subsequently, it was established that the stolen amount of SFUND tokens reached $1.2 million, significantly impacting the BNB Chain customers. Seedify recognized the difficulty but reiterated that it would carry on with the construction. In its most recent announcement, the group indicated that the incident would not hijack its long-term objectives in Web3 development. If you're reading this, you’re already ahead. Stay there with our newsletter .
