Quick Take
- Compromised developer key let DPRK-linked hackers mint unauthorized SFUND tokens across chains.
- Roughly $1.7 million was stolen before Seedify froze bridges and revoked permissions.
- SFUND dropped over 35% as exchanges blacklisted attacker wallets.
Seedify Bridge Compromise
Seedify Fund confirmed on September 23 that its token bridge had been exploited, with attackers minting billions of unauthorized SFUND tokens. The breach was traced to a compromised developer key, which allowed North Korea–linked hackers to bypass contract permissions and drain liquidity pools across Ethereum, Arbitrum, and Base before funneling funds back to BNB Chain.
The majority of stolen funds were sold on BNB, sending SFUND’s price tumbling from $0.42 to $0.28 in a single day. Binance founder Changpeng Zhao said security teams managed to freeze about $200,000 tied to the exploit, though most of the assets remain onchain.
Seedify stressed that the incident was isolated to bridge infrastructure and that core contracts, user wallets, and the main protocol were not affected. All bridges have been paused while auditors and external investigators assess the damage.
Fallout and Attribution
Nearly 64,000 wallets holding SFUND were impacted, with many users reporting losses from liquidity pools and staking positions. The sharp price decline sparked heavy frustration across social media, with calls for independent investigators like ZachXBT to continue tracing the stolen funds.
Onchain evidence shows the attacker’s wallets are connected to addresses used in earlier Lazarus Group operations. Security firm Cyvers confirmed that the exploit stemmed from a design flaw in the bridge contract, which should not have had minting privileges without active bridging.
Wider Impact on DeFi Bridges
The Seedify exploit follows a long line of bridge vulnerabilities that have plagued the DeFi sector since the Ronin and Wormhole incidents. According to Chainalysis, North Korea-linked hacks accounted for $1.3 billion in losses in 2024, with 2025 already surpassing that figure after the Bybit breach earlier this year.
Despite heavy auditing and new security layers, bridges remain one of the most targeted parts of crypto infrastructure. Seedify’s case highlights how single points of failure such as developer key compromises can still devastate ecosystems, even when contracts have passed external review.
