Blockchain gaming incubator Seedify has confirmed a sophisticated security breach resulting in a $1.2 million loss from its cross-chain bridge. The attack, attributed to state-sponsored North Korean hacking groups, exploited a compromised private key to illegitimately mint SFUND tokens across multiple blockchain networks.
According to an official incident report published by Seedify’s security team, threat actors gained unauthorized access to a critical administrative key controlling token minting permissions. This access enabled the malicious creation of counterfeit SFUND tokens, which were subsequently bridged to other chains and liquidated through decentralized exchanges before security protocols could be activated.
The exploitation occurred despite Seedify’s multi-layered security infrastructure, highlighting the persistent threat posed by advanced persistent threat groups targeting cryptocurrency infrastructure. Security analysts note this attack vector demonstrates the critical importance of securing private key storage mechanisms, particularly for cross-chain protocols handling significant liquidity.
Seedify has initiated a comprehensive security audit and is collaborating with major exchanges to trace and potentially freeze the stolen assets. The platform temporarily suspended bridge operations to implement enhanced security measures, including multi-signature requirements and more frequent key rotation procedures.
This incident marks the latest in a series of cryptocurrency exploits linked to Democratic People’s Republic of Korea-affiliated hacking collectives, who have increasingly targeted decentralized finance protocols as revenue sources. Industry experts emphasize that such attacks underscore the ongoing arms race between protocol security teams and well-funded, state-sponsored threat actors operating in the digital asset space.
