Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Meta Alchemist, founder of the Web3 incubator and launchpad platform Seedify, announced on X that one of its SFUND bridges was recently hacked. According to Seedify’s official account, a DPRK-affiliated group known for multiple Web3 exploits gained access to a developer’s private key. Using this access, the attackers were able to mint a large number of SFUND tokens through a bridge contract that had previously passed audit.As a result, the OFT contract was compromised, allowing the attackers to alter its settings and mint unauthorized tokens on Avalanche.Subsequently, the hacker transferred the minted tokens across multiple chains, including BNB, where they sold most of the SFUND tokens. In response, Binance founder Changpeng Zhao stated that he had communicated with several security experts in the industry, who successfully tracked and froze approximately $200,000 of the stolen funds on the HTX exchange. Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 1,700,000.
- chain
- avalanche
- protocol
- Seedify
- bug_class
- private-key
- date_occurred
- 2025-09-23
- loss_usd
- $1,700,000
- source_id
- sm:seedify::2025-09-23