The cryptocurrency world faced a shocking blow on September 23, 2025, as the SFUND token suffered a dramatic crash of 99% following a cyberattack on Seedify’s cross-chain bridge.

How the Hack Happened

Hackers linked to North Korea exploited the platform’s systems, stealing $1.2 million and affecting more than 64,000 token holders. The attack sent shockwaves through the decentralized finance (DeFi) community and highlighted major security concerns in crypto networks.

The breach began at 12:05 UTC on September 23, when hackers gained access to private developer keys. With these credentials, they exploited a weakness in Seedify’s cross-chain bridge on the Avalanche network. Using this flaw, the attackers created large amounts of unauthorized SFUND tokens and quickly moved them across multiple blockchains, including Ethereum, Arbitrum, Base, and BNB Chain.

The hackers’ actions drained liquidity pools and destabilized the token’s value. They spread stolen tokens across different platforms before converting most of the funds, which allowed them to maximize profits and avoid immediate detection. The scale and speed of the attack showed a high level of planning and technical skill.

Token Price Collapse and Investor Losses

The SFUND token’s price fell from $0.43 to nearly zero in minutes, marking one of the most dramatic crashes in recent cryptocurrency history. Panic spread quickly, and trading volumes surged as investors rushed to sell their holdings. Thousands of individual investors faced massive losses, with some reporting that six-figure investments became almost worthless overnight.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

After initial recovery measures by the Seedify team, the token temporarily stabilized around $0.21 and later rose to approximately $0.28. Despite this, the drop remains catastrophic compared to its $2.34 value just one month before the attack. The dramatic decline underlined the vulnerability of crypto investors when state-sponsored cybercriminals target digital assets.

Response and Security Measures

Following the attack, Seedify acted quickly to limit further damage. The team coordinated with major cryptocurrency exchanges to halt SFUND trading and blocklisted the hackers’ wallet addresses across multiple networks. Some stolen funds were frozen at certain exchanges, but most remain on blockchain networks, making full recovery challenging.

Security experts noted that the breach occurred despite prior audits of Seedify’s bridge contracts. The incident revealed critical vulnerabilities in cross-chain infrastructure. Hackers now use increasingly sophisticated methods, including fake job applications, fraudulent interviews, and employee bribery, to bypass traditional security measures.

Binance founder warns crypto firms of North Korean hackers posing as job seekers to steal assets

This attack is part of a growing trend where North Korean-linked hackers focus on DeFi platforms and cross-chain bridges rather than direct exchange hacks.

Such infrastructure holds large amounts of cryptocurrency and often contains complex code, making it a prime target. Experts suggest multi-signature controls, closer monitoring of on-chain activity, and incident response planning to reduce risks in the future.

Seedify continues to operate its Web3 incubator and launchpad services while working to secure remaining systems. The incident has shaken investor confidence and raised broader concerns about DeFi security, particularly regarding cross-chain bridges.

The speed and scale of the attack demonstrate the increasing sophistication of state-backed cybercriminal operations in the crypto sector.