Seedify reported that a DPRK state-affiliated Web3 hacking group gained access to a developer’s private key at about 12:05 UTC and used the access to abuse minting privileges. The attacker modified OFT contract settings and minted unauthorized SFUND tokens on Avalanche through a bridge contract that had previously passed audit. The tokens were then bridged to Ethereum, Arbitrum, and Base to drain available liquidity pools, and the maximum possible amount was bridged to BNB and sold before containment. Seedify said the incident was limited to a compromised wallet’s minting privileges, with core contracts, user wallets, the website, and the underlying protocol unaffected. The response included pausing bridges, coordinating with centralized exchanges, blacklisting attacker addresses across multiple chains, and revoking the compromised permissions.