On September 23, web3 launchpad Seedify suffered a major exploit targeting its cross-chain bridge for the SFUND token. According to the team, the attackers used a stolen developer key to gain access to a bridge contract that had passed prior audits. This led to the minting of unauthorized SFUND tokens, which were then moved across multiple chains and quickly sold, causing large price swings and damaging user confidence.

The attack has been attributed to a group linked to North Korea, and Seedify has planned what it calls a "Phoenix Raise" to support affected users and rebuild its platform.

Key Access Leads to Bridge Exploit

At around 12:05 UTC on September 23, the attackers managed to gain control over a developer's private key. With that access, they were able to change the settings of Seedify's OFT bridge contract and mint a large amount of new SFUND tokens on Avalanche.

Normally, tokens are only minted through the bridge if actual funds are moved between chains. But by modifying the contract logic, the attacker bypassed these controls. The contract in question had previously passed audits by a leading security firm, but that did not stop the exploit, because the attacker used a compromised key rather than a flaw in the code.

After the tokens were minted on Avalanche, the attacker moved them across several chains, including Ethereum, Arbitrum, and Base, draining liquidity pools along the way. The attacker then sent the remaining tokens to BNB Chain, where they were quickly sold before the team was able to stop the breach.

Liquidity Drained, Price Drops Sharply

As the exploit unfolded, SFUND's price dropped nearly 60% within a 24-hour window. The token reached a low of $0.0537 before bouncing back closer to $0.25. It was a sudden crash, with over $1.2 million in value lost during the process.

An estimated 64,000 SFUND token holders on BNB Chain were directly impacted. Many saw their holdings lose value or become diluted. A portion of the stolen funds, around $200,000, was frozen by HTX to limit further losses.

Quick Action by the Seedify Team

Once the issue was detected, Seedify responded by halting all cross-chain bridge operations and pausing token activity across impacted chains. The attacker's wallet addresses were blacklisted, and permissions tied to the compromised key were revoked.

Seedify warned users not to buy SFUND on any chain other than BNB Chain until further notice. They emphasized that the exploit only impacted one compromised wallet and that core contracts, user wallets, and the main protocol were not affected.

The team is now reviewing all infrastructure in coordination with external auditors and security partners. Trading on CEXs was also halted to help contain the incident and reduce volatility.

Who Was Behind the Attack?

Seedify named a state-linked group from North Korea as the party behind the attack. According to the team, the same group has been involved in several other high-profile web3 exploits in the past. The claim was supported by onchain analysis and a detailed review by security partners (ZachXBT, ZeroShadow) familiar with similar cases.

The group was able to move fast, minting, bridging, and selling the tokens across 4 blockchains before major damage control could be enacted.

Security Breakdown: How the Exploit Worked

The incident began when a DPRK state-affiliated group, known for several web3 attacks, gained access to one of Seedify's developer private keys. This access allowed the attacker to change settings in the OFT bridge contract and mint a large amount of SFUND tokens on Avalanche without any real bridging activity taking place.

At this stage, it's still unclear how the developer's key was compromised. No official post mortem has been released by the team yet. What's known is that the attacker was able to use that key to gain elevated control over the contract's minting privileges.

The affected contracts had passed audits, but the attacker didn't rely on code vulnerabilities. Instead, they used valid permissions tied to the compromised key to override protections and issue unauthorized tokens.

Once the tokens were minted, the attacker moved them to Ethereum, Arbitrum, and Base, draining liquidity pools by swapping the tokens for other assets. The final and largest part of the operation happened on BNB Chain, where the remaining tokens were sold before controls were enforced.
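A mint "without any real bridging activity" is something a monitor can check for by reconciling every destination-chain mint against a source-chain burn or lock. The sketch below is an added example, not Seedify's code or tooling; the `BridgeEvent` record shape, the message ids and the amounts are constructed assumptions standing in for decoded chain logs.

```python
from collections import namedtuple

# Constructed record shape (an assumption): one row per bridge-related token
# event, already decoded from chain logs by an indexer.
BridgeEvent = namedtuple("BridgeEvent", "chain kind msg_id amount")

def unbacked_mints(events):
    """Return (event, reason) for each mint with no matching source debit.
    Backed = a 'debit' (burn or lock) with the same message id and amount on
    a different chain that has not already backed another mint."""
    debits = {e.msg_id: e for e in events if e.kind == "debit"}
    consumed, flagged = set(), []
    for e in events:
        if e.kind != "mint":
            continue
        src = debits.get(e.msg_id)
        if src is None:
            flagged.append((e, "no source debit"))
        elif src.chain == e.chain:
            flagged.append((e, "debit on same chain"))
        elif src.amount != e.amount:
            flagged.append((e, "amount mismatch"))
        elif e.msg_id in consumed:
            flagged.append((e, "debit already consumed"))
        else:
            consumed.add(e.msg_id)
    return flagged

def net_supply_change(events):
    """Mints minus debits. Zero or negative (messages in flight) is healthy;
    a positive value means supply was created without backing."""
    sign = {"mint": 1, "debit": -1}
    return sum(sign[e.kind] * e.amount for e in events if e.kind in sign)

# Constructed sample: two ordinary transfers, then a mint with no bridge
# message behind it and a replayed message id. Amounts are made up.
SAMPLE = [
    BridgeEvent("bnb", "debit", "m1", 500),
    BridgeEvent("avalanche", "mint", "m1", 500),
    BridgeEvent("ethereum", "debit", "m2", 120),
    BridgeEvent("bnb", "mint", "m2", 120),
    BridgeEvent("avalanche", "mint", None, 1_000_000),
    BridgeEvent("arbitrum", "mint", "m1", 500),
]

if __name__ == "__main__":
    for event, reason in unbacked_mints(SAMPLE):
        print(f"ALERT {event.chain}: mint of {event.amount} ({reason})")
    print("net supply change:", net_supply_change(SAMPLE))
```

An alert from a check like this is a natural trigger for pausing the bridge, since it fires on the mint itself rather than on the later liquidity-pool swaps.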

Seedify Unveils "Phoenix Raise"

To support those affected and secure its ecosystem moving forward, Seedify's founder, Meta Alchemist, announced a plan called the "Phoenix Raise." This recovery effort is aimed at not only covering losses but also helping the platform transition into a new phase.

The Phoenix Raise will be conducted through a CEX, and funds raised will go toward 4 main goals:

  • Making whole the users who lost funds in the liquidity pools
  • Funding a full overhaul of Seedify's security stack
  • Conducting buybacks of SFUND to support the token economy
  • Investing in growth, marketing, and a move toward a permissionless launchpad model

The team also confirmed that a full migration of the token is being prepared, though no exact timeline has been given. Users have been advised to only use SFUND on BNB Chain and wait for official instructions regarding the migration.

Seedify says it plans to have every contract re-audited by multiple firms and will set up a new bounty program for reporting vulnerabilities. The team described this event as a turning point: not the end of Seedify, but a transformation into something more resilient.

Rebuilding Trust in Web3 Infrastructure

The Seedify hack is another example of how vulnerable web3 platforms remain, especially when it comes to cross-chain bridges. Even contracts that pass audits are still exposed if private keys are not protected with extreme care.

The incident also sparked broader conversations in the community about centralized permissions and the risks of holding too much control in a single wallet. Projects are now expected to put extra protections in place, such as multi-sig approvals and time-based delays on critical actions.
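To make the two protections concrete, here is an off-chain model of an M-of-N approval combined with a time delay, showing why one stolen signer key is not enough to change a privileged setting. It is an added illustration, not Seedify's contracts or any specific multi-sig product; the signer names, the `grant_minter` action label and the 24-hour delay are hypothetical.

```python
class GuardedAdmin:
    """Off-chain model of M-of-N approval plus a timelock on admin actions."""

    def __init__(self, signers, threshold, delay_s):
        self.signers = set(signers)
        if not 1 <= threshold <= len(self.signers):
            raise ValueError("threshold must be between 1 and the signer count")
        self.threshold, self.delay_s = threshold, delay_s
        self.queue = {}  # action -> {"approvals": set of signers, "eta": time}

    def _entry_for(self, signer, action):
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not a signer")
        return self.queue.setdefault(action, {"approvals": set(), "eta": None})

    def approve(self, action, signer, now):
        entry = self._entry_for(signer, action)
        entry["approvals"].add(signer)
        # The delay clock starts only when the threshold is first reached.
        if entry["eta"] is None and len(entry["approvals"]) >= self.threshold:
            entry["eta"] = now + self.delay_s
        return entry["eta"]

    def cancel(self, action, signer):
        # Any single signer can veto a queued action during the delay window.
        self._entry_for(signer, action)
        del self.queue[action]

    def execute(self, action, now):
        entry = self.queue.get(action)
        if entry is None or entry["eta"] is None:
            raise PermissionError("threshold not met")
        if now < entry["eta"]:
            raise PermissionError("timelock not elapsed")
        del self.queue[action]
        return action

def attempt(admin, action, now):
    """Return 'executed' or the reason the guard refused."""
    try:
        admin.execute(action, now)
        return "executed"
    except PermissionError as exc:
        return str(exc)

def stolen_key_scenario():  # constructed: signer "dev1" is compromised
    admin = GuardedAdmin(["dev1", "dev2", "ops1"], threshold=2, delay_s=86_400)
    admin.approve("grant_minter", "dev1", now=0)
    return attempt(admin, "grant_minter", now=10**9)
```

Even when a second approval is obtained, the delay leaves a window in which any remaining honest signer can call `cancel` before the change takes effect.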

While some funds were recovered, and no user wallets were compromised, the loss of trust was significant. How Seedify handles the next steps will likely shape the future of its platform.

A Turbulent Week for Web3

The SFUND exploit isn't the only security issue shaking the web3 world this week. On Sunday, a Twitch streamer known as RastalandTV, who has stage 4 cancer, lost over $32,000 in crypto after downloading a malware-infected game called BlockBlasters from Steam.

The game, which had been silently updated with credential-stealing tools, wiped his wallet live on stream. The wallet contained funds that had been raised to support his cancer treatment. The community quickly rallied to his aid, with crypto influencer Alex Becker and others stepping in to cover the stolen amount.

By Monday, over 261 similar cases were suspected, with more than $150,000 in total losses linked to the malware. The game has since been removed from Steam, but the damage continues to unfold.