tl;dr
North Korean state-sponsored hackers exploited a vulnerable token bridge to steal $1.2M from Seedify Fund, triggering a 35% crash in its native token. The attack, linked to the 'Contagious Interview' campaign, highlights growing risks in DeFi and raises alarms about state-sponsored cyber threats tar...
**North Korean Hackers Strike Again: Seedify Fund Suffers $1.2M Crypto Heist in DeFi Sector**
In a brazen attack that has sent shockwaves through the DeFi community, North Korean state-sponsored hackers have struck once more, targeting Seedify Fund, a Web3 gaming incubator. The breach, which exploited vulnerabilities in the platform’s token bridge infrastructure, resulted in the theft of $1.2 million and a devastating 35% plunge in the value of Seedify’s native token, SFUND.
The attack, which occurred on September 23, 2025, centered on Seedify’s cross-chain bridge on BNB Chain. Hackers gained access to a developer’s private key, enabling them to mint unauthorized SFUND tokens through a bridge contract that had previously passed security audits. This allowed them to siphon liquidity from Ethereum, Arbitrum, and Base networks before converting the stolen assets back onto BNB Chain. Seedify’s official statement described the breach as a “fundamental vulnerability” that should never have allowed such unauthorized token creation.
The hackers’ fingerprints are unmistakable. Blockchain analyst ZachXBT linked the attack to the “Contagious Interview” campaign, a series of DPRK-linked hacks that have targeted over 230 victims between January and March 2025, according to SentinelLABS. The stolen funds are tied to addresses previously associated with North Korean operations, underscoring the group’s escalating aggression in the Web3 space.
The fallout has been swift. SFUND’s price dropped from $0.42 to $0.28 within 24 hours, as investors fled the platform. Seedify founder Meta Alchemist lamented the loss, calling it a “4.5-year effort” wiped out in a single hack. Hakan Unal of Cyvers highlighted the critical flaw: “This contract should not have been able to mint tokens without bridging.” The incident has reignited calls for stricter security measures, including multi-signature approvals and real-time monitoring of on-chain activity.
Binance’s founder, Changpeng Zhao (CZ), confirmed that security experts had managed to freeze $200,000 of the stolen funds at HTX exchange, though the majority remained on-chain. “Major CEXs probably have these addresses on blacklists now,” he wrote, acknowledging the challenges of tracking state-sponsored actors.
The attack also reveals the sophistication of North Korean cyber operations. SentinelLABS noted that the “Contagious Interview” campaign employs coordinated teams using tools like Slack, VirusTotal, and Maltrail to monitor infrastructure exposure. Despite their ability to evade detection, the hackers have not made systemic changes to their tactics, instead deploying new infrastructure when disrupted—a strategy driven by the pressure of North Korea’s annual revenue quotas.
The broader implications are dire. North Korean groups have stolen over $1.3 billion in 2024 alone, with the ByBit hack’s $1.5 billion loss making 2025 their most successful year yet, per Chainalysis. New malware like “PylangGhost” targets crypto professionals through fake job postings, demonstrating a relentless evolution in their methods.
For the crypto industry, the Seedify breach is a stark reminder of the vulnerabilities lurking in decentralized systems. As one expert put it, “The line between innovation and risk is razor-thin.” With North Korea’s cyberattacks showing no signs of slowing, the race to secure Web3’s future has never been more urgent.
What does this mean for the rest of the crypto ecosystem? As Seedify’s story unfolds, the question isn’t just about recovering stolen funds—it’s about whether the industry can outpace a state-sponsored threat that views DeFi as both a target and a treasure trove.