North Korean hacker groups strike again in the DeFi sector: Seedify Fund targeted

Eulerpool Research Systems Sep 24, 2025

Takeaways

  • The SFUND token lost 35% of its value after the attack due to the systematic draining of liquidity pools.
  • North Korean hacker groups stole $1.2 million from the Seedify Fund through a security vulnerability.

State-linked North Korean hacker groups have struck again in the DeFi sector, stealing $1.2 million from the Web3 gaming incubator Seedify Fund through its token bridge infrastructure. The attack has hit the value of the native token SFUND hard across various exchanges.

On Tuesday, the attackers targeted Seedify's cross-chain bridge on the BNB Chain. They exploited a security vulnerability to mint tokens without authorization and systematically drained liquidity pools on the Ethereum, Arbitrum, and Base networks before exchanging the proceeds on the BNB Chain.

According to blockchain analyst ZachXBT, the addresses involved in the Seedify theft are linked to previous incidents associated with the North Korean hacker group known as "Contagious Interview." Between January and March of this year, more than 230 victims of this campaign were documented, according to a recent report by SentinelLABS.

The SFUND token has lost nearly 35% of its value in the past 24 hours and is now trading at $0.28, down from $0.42 before the attack, according to CoinGecko data.

Seedify founder Meta Alchemist expressed shock over the loss, which is attributed to a compromised developer key that allowed North Korean actors to improperly mint $SFUND tokens through a bridge contract. Hakan Unal from Cyvers told Decrypt that this contract should not have been able to mint tokens without them actually being bridged.

The response from the crypto industry was swift. Binance founder Changpeng Zhao (CZ) stated that security forces helped freeze $200,000 at the HTX exchange, while the rest remained on the blockchain.

A SentinelLABS report highlighted that the North Korean hackers operate in coordinated teams, presumably using platforms like Slack and various intelligence sources to monitor their infrastructure. Despite extensive threat analyses of their activity, the actors have made no systematic changes to hinder detection. Instead, they set up new infrastructure more quickly after disruptions. North Korean actors protect their private loot and work under pressure to maximize individual yields, rather than advancing collective security improvements.
