SFUND, the official token of Seedify, plummeted by 99% after North Korean hackers extracted $1.2 million from the DAO launchpad.
At approximately 12:05 UTC on September 23, a state-affiliated group notorious for multiple Web3 exploits, linked to the DPRK, gained access to a Seedify developer’s private keys.
With these credentials, they minted substantial amounts of SFUND tokens through a bridge contract that had previously undergone audit approval.
How North Korean Hackers Drained SFUND Liquidity Across 4 Major Chains
According to an official X post, Seedify confirmed that the North Korean hacker breach resulted from a private key compromise, allowing attackers to modify settings and mint unauthorized tokens on Avalanche.
Seedify revealed that the contract should not have permitted token minting without corresponding bridged tokens, as they employed one of the world’s most trusted and experienced auditors to review the smart contracts and received assurance that the code represented secure, audit-approved contracts.
“We will be in touch with our auditors and security experts to review the security of all our other infrastructure,” the team stated.
Hackers bridged stolen tokens to Ethereum, Arbitrum, and Base, draining liquidity pools before moving the maximum amounts to BNB Chain for sale.
“There is no ongoing risk to liquidity on BNBChain anymore, and we have paused all bridges. However, we advise against purchasing tokens on other chains until further notice,” Seedify warned.
Core contracts, user wallets, and the underlying protocol remain unaffected.
The team pledged transparent recovery efforts and will provide updates through official channels.
“We want to extend our deepest gratitude to our community and partners; your incredible support means the world to us during this time,” they added.
Seedify thanked blockchain investigator ZachXBT for connecting them with Zero Shadow, which helped identify the attackers and their methods of attack.
“We Didn’t Come This Far to Come This Far”—Seedify Founder Vows Comeback
Seedify founder Levent Cem Aydan (popularly known as Meta Alchemist) expressed his frustration with the attack.
In a recent X post, he shared that he created Seedify from personal hardship, investing his final funds into DEX liquidity and airdrop fees.
“We didn’t raise VC money, didn’t ask for a dime from anyone, and gifted more than thirty thousand people our initial tokens. DPRK/Lazarus decided to take everything we built over 4.5 years in one hack.”
He confirmed that the contracts were audited and believed to be secure, but North Korean hackers found a vulnerability and exploited it.
However, he remained resolute that the team would not be defeated.
“We didn’t come this far to come this far, and there are so many people’s hard-earned money in here.”
He added that they would announce their plan to rise like a phoenix by tomorrow and thanked the community for its ongoing support.
Six-Figure Investor Watches SFUND Portfolio Sink 99% to $0.00005504
Alpha Collective founder Joseph Jaffe, who invested six figures in SFUND, publicly lamented that his investments are now underwater as the Seedify token dropped 99% to an all-time low of $0.00005504.
However, following the Seedify team’s urgent response efforts, the token has rebounded to $0.28 but remains down more than 78% from the $2.34 mark it held just a month ago.
The North Korean state-affiliated hacker group, commonly known as Lazarus, has executed a $1.5 billion heist, the largest connected to the crypto exchange Bybit this year
Additionally, cybersecurity experts from Cyvers have linked the Lazarus Group to the July 19 hack on the Indian crypto exchange CoinDCX, which compromised $44 million.
Other targets include Ronin Bridge (March 2022, $625 million), Poly Network (August 2021, $600 million), and WazirX (July 2024, $235 million).
Since 2017, the group has stolen $3-6 billion in crypto assets, allegedly funding North Korea’s nuclear and missile programs.
Binance founder Changpeng Zhao, also known as “CZ,” recently revealed that these hackers now infiltrate crypto companies through fake job applications, fraudulent interviews, and employee bribery.
CZ outlined three attack methods: posing as developer/security candidates, conducting malware-laden interviews, and bribing vendors for data access.
The post SFUND Token Crashes 99% as North Korean Hackers Drain $1.2M from Seedify Bridge appeared first on Cryptonews.
Credit: Source link