North Korean Hackers Drain $1.2M From Seedify Bridge

A group of hackers in the North Korean province claims another victim of the Defi sector, using the token bridge infrastructure of the Web3 Gaming Incubator Seedify Fund to steal $1.2 million while destroying the platform’s native token SFUND on multiple exchanges.

The attack on Tuesday will target Seedify’s cross-chain bridges on the BNB chain, allowing hackers to create fraudulent tokens and convert revenues in the BNB chain before they can systematically emit liquidity pools across Ethereum, Gold Association and base networks. I said In that official statement.

“Seedify’s theft address is on-chained to past infectious interview incidents (DPRKs). Tweet Following the violation, according to a recent Sentinelabs Intelligence Report, it links the attack to an ongoing campaign that claimed more than 230 victims in January to March alone.

According to Coingecko data, Sfund tokens have plummeted nearly 35% in the last 24 hours and are currently trading at $0.28. It was trading for $0.42 before the hack was reported.

“DPRK/Lazarus decided to get everything they’ve built over 4.5 years in one hack,” said Meta Alchemist, founder of Seedify. Tweet In response to violation.

“Seedify Hack comes from a compromised developer key in which DPRK linked actors mint fraudulent $SFUND tokens via bridge agreements,” said Hakan Unal, lead at Cyvers’ senior security operations center. Decryption.

“The contract would not have allowed these tokens to be minted without the tokens being bridged,” Seedify explained in an official statement, revealing the fundamental vulnerabilities that allowed the creation of fraudulent tokens.

“The Hacker Wallet connects the on-chain to previous DPRK operations, highlighting how aggressive the ongoing rampage has become over Web3.

The crypto industry was quickly mobilized In responseBinance founder Changpeng Zhao (CZ) says he is a security expert Supported the $200,000 freezing In HTX Exchange, “The rest appears to be on the chain.”

The threat actor in the “Contagion Interview” campaign “runs in real-time collaboration and coordinated teams. It is likely that they use multiple intelligence sources, such as Balin, Balstotal and Maltrail, to monitor exposure to infrastructure, Sentinelav said.

The report also found that DPRK hackers “were thoroughly examining threat intelligence and identifying artifacts that could be used to discover infrastructure, but “we are not implementing systematic, large-scale changes to quickly deploy new infrastructure instead.”

“The competitiveness caused by North Korea’s annual revenue allocation “is driving operatives to “better than their colleagues” rather than protecting individual assets and adjusting security improvements,” the cybersecurity company said.

A recent Cisco Talos Intelligence Report showed that North Korean groups continue to improve their attacks with new malware such as “Pylanghost,” targeting crypto experts through fake Coinbase and Uniswap recruitment.

With DPRK-related losses totaling $1.3 billion in 2024, bybit Hack’s $1.5 billion was 2025 “the most successful year ever” according to the 2025 Crypto Crime Mid Year Update.