On September 24, 2025, Seedify reported that a DPRK state-affiliated Web3 hacking group gained access to a developer’s private key at about 12:05 UTC and abused minting privileges. The attacker modified OFT contract settings, minted unauthorized SFUND tokens on Avalanche, bridged them to Ethereum, Arbitrum, Base, and BNB Chain, and drained liquidity pools before containment; Seedify said core contracts, user wallets, the website, and the underlying protocol were unaffected.