TL;DR
Seedify’s SFUND token became the latest target of a cross-chain exploit this week, resulting in multimillion-dollar losses and renewed concerns over blockchain security. The breach drained approximately $1.7 million across multiple networks, with Binance founder Changpeng Zhao confirming that $200,000 of the stolen funds were frozen on HTX. However, the majority of the compromised assets remain in circulation, leaving thousands of holders exposed.
Talked to a few security guys in the industry. I believe they were able to help track it and froze $200k at HTX, the rest seem to remain on-chain. Looks like North Korea DPRK.
Major CEXs probably have these addresses on blacklists now. Good luck!
— CZ
BNB (@cz_binance) September 24, 2025
The attack originated from Seedify’s OFT bridge contract, which was compromised through developer keys. At around 12:05 UTC, the attackers unlocked the Avalanche bridge contract and altered permissions to mint unauthorized SFUND tokens. These tokens were then exchanged for assets such as BNB and ETH. While $200,000 was intercepted and frozen, more than $1.2 million remains under attacker control on the BNB Chain, directly affecting nearly 64,000 holders.
Zhao confirmed that major centralized exchanges quickly blacklisted addresses tied to the exploit. He noted that security teams across the industry collaborated to trace the funds, leading to the freeze at HTX. Despite these efforts, the bulk of the stolen assets remain on-chain. Zhao suggested that the breach bore hallmarks of North Korean-linked cyber units, echoing patterns seen in previous high-profile exploits.
In response, Seedify shut down all cross-chain bridges, revoked permissions, and coordinated with exchanges to freeze suspicious transactions. The project emphasized that its contracts had been audited by a reputable firm, underscoring the sophistication of the attack. Despite mitigation efforts, the SFUND token plummeted nearly 60%, briefly hitting $0.05 before rebounding to $0.245. Even after recovery, the token recorded a 42% daily loss, with monthly and yearly declines of 50% and 80% respectively, leaving many holders with steep financial setbacks.
Investigators have increasingly tied such exploits to North Korea’s Lazarus Group, which has been implicated in major hacks, including the $620 million Ronin bridge attack in 2022. On-chain data from the SFUND incident revealed overlaps with addresses used in previous DPRK-related operations. While some reports exaggerated the stolen amount to $8.8 million, the confirmed figure remains $1.7 million, with $1.2 million still unaccounted for. Seedify pledged to continue its Web3 development despite the setback, offering bounties to investigators tracking the attackers.
Also read: ONDO Price Analysis: Can Bulls Break $1.00 and Push Toward $1.13 Target?
