BlockBeats News, September 24th, Seedify tweeted that, “At approximately 20:05 (Beijing time) yesterday, an organization associated with North Korea and known for multiple Web3 hacking incidents obtained the private key of one of our developers. Leveraging this access, they minted a large amount of SFUND tokens through a previously audited cross-chain bridge contract. As a result of this incident, the OFT contract was compromised, allowing the attacker to modify contract settings and mint unauthorized tokens on Avalanche.”
As per the design, the contract was not supposed to complete the minting without any cross-chain tokens. The attacker then bridged these tokens to Ethereum, Arbitrum, and Base, draining available liquidity pools on these chains and ultimately bridging to BNB as much as possible, conducting a sell-off before we could contain the situation. Liquidity on the BNBChain is not at continued risk, and we have temporarily halted all cross-chain bridges. However, we advise against purchasing the token on other chains until further notice.
Upon discovery of the issue, immediate coordination was done with centralized exchanges to halt trading, blacklist the attacker’s address on multiple chains, and revoke compromised permissions. Additionally, the cross-chain bridge functionality has been temporarily disabled. It is important to note that this incident was limited to the minting permission of one compromised wallet. The core contract, user wallets, website, and underlying protocols were not affected.”
