CZ Confirms $1.2M SFUND Hack, Says DPRK Hackers Likely Involved

The Seedify ($SFUND) community was shaken this week after attackers drained over $1.2 million through a bridge exploit. The hack, which spread across several chains, has now caught the attention of Binance co-founder Changpeng “CZ” Zhao. He confirmed the breach and suggested that hackers linked to North Korea’s DPRK may be behind the theft.

How the Hack Unfolded

On September 23, Meta Alchemist, a blockchain researcher, reported that someone had compromised Seedify’s bridge and cross-chain contract. Attackers minted new $SFUND tokens across multiple networks. Including BNB Chain, Polygon, Arbitrum and Base. Hackers quickly swapped these freshly minted tokens for assets such as BNB and ETH. It allows the hackers to drain liquidity from the ecosystem.

According to initial reports, attackers created billions of fake tokens on Base and swapped them for 141 ETH. On BNB Chain, they exchanged 8.7 million $SFUND for roughly $1.2 million worth of BNB. The team estimates the combined theft across chains at about $1.7 million. Specter, an on-chain analyst, revealed that the attacker was dispersing the stolen funds into several addresses. The tactic makes it harder for investigators and exchanges to track the flow.

CZ Responds, Funds Frozen

As the situation escalated, members of the Seedify community called on CZ to intervene. In a direct post to him, Meta Alchemist noted that over 64,000 BNB Chain users were affected. Urging for immediate action before funds could exit the blockchain. CZ later responded on X, saying he had consulted several industry security experts. He confirmed that about $200,000 of stolen assets had already been frozen at the exchange HTX. The rest, he noted, remained on-chain but are now likely flagged by major centralized exchanges. “Looks like North Korea DPRK,” CZ wrote, adding that large exchanges have probably blacklisted the hacker addresses.

DPRK Links Surface

This is not the first time North Korean linked groups have been tied to bridge hacks. The country’s Lazarus Group has been connected to several high-profile exploits. This includes the $620 million Ronin bridge hack in 2022. In this case, blockchain investigator ZachXBT pointed out that the funding addresses tied to the SFUND hack overlapped with wallets from past Serenity Shield. And other exploits linked to DPRK-affiliated groups. Additional on-chain evidence shows that funds are flowing through addresses that were previously active in incidents connected to North Korean cybercrime activity. This overlap strengthens the suspicion that the same network of state-backed hackers is responsible.

Market and Community Impact

The price of $SFUND plunged nearly 60% in the hours following the breach. It dropped to as low as $0.05 before recovering slightly near $0.17. For many holders, the financial loss is severe. But the emotional toll has been just as heavy. Community members expressed frustration and sadness across social media. One former Seedify team member said they were “heartbroken” for current developers and investors who trusted the project. 

Others urged well-known investigators like ZachXBT to step in and assist. Despite the setback, BNB Chain confirmed it was aware of the incident and had already begun looking into the matter. With exchanges blacklisting the hacker wallets. Attackers may have limited options to offload the funds. Still, the bulk of the stolen money remains beyond reach.

Ongoing Battle Against Bridge Exploits

The SFUND exploit adds to a long list of bridge related hacks. That has plagued the crypto industry. Cross-chain bridges remain one of the weakest points in decentralized finance. Hackers often target it for its complex design and large liquidity pools. For Seedify, the challenge now is to restore trust among its community. 

With CZ and major exchanges stepping in to freeze part of the funds. Some damage control is possible. Yet the broader lesson for the industry is clear. Security gaps in cross-chain infrastructure continue to attract some of the most sophisticated hacking groups in the world. As regulators, exchanges and developers work to address these vulnerabilities. Incidents like the SFUND hack highlight how much work we still need to do.