Seedify was attacked by North Korean hackers, and cross-chain contracts were used to illegally issue additional SFUND

Seedify officially disclosed that the private key of one of its developers was stolen by a North Korean state-affiliated hacker group at approximately 12:05 UTC today. The attackers used this stolen private key to modify the OFT contract settings and illegally issue a large number of SFUND tokens via the cross-chain bridge contract on the Avalanche chain. They then cross-chained these tokens to Ethereum, Arbitrum, and Base. They then exploited the liquidity on these chains and sold the largest amount on the BNB chain, ultimately gaining control of the tokens.

Seedify stated that the incident was limited to the minting permissions of the stolen private key; core contracts, user wallets, the official website, and the underlying protocol were unaffected. The team has suspended all cross-chain bridges and collaborated with several centralized exchanges to freeze suspicious funds and revoke related permissions. Officials emphasized that BNB on-chain liquidity is no longer at risk, but cautioned users against purchasing SFUND on other chains for the time being.