AI Threat Detection and Better Wallet Controls: The Only Way to Counter DPRK Attacks?

North Korea-linked hackers have struck again - this time exploiting Seedify’s $SFUND cross-chain bridge. According to Inca Digital, attackers compromised a developer’s private key to mint new tokens on Avalanche, then funneled them across Ethereum, Arbitrum, Base, and finally BNB Chain, draining liquidity pools and laundering more than $1.2M. Seedify responded quickly by blacklisting addresses, pausing its bridge contracts, and coordinating with exchanges, but the breach highlights the fragility of cross-chain infrastructure and private key security.

This exploit comes amid broader concerns about DPRK infiltration of crypto companies through fake developer profiles, a tactic flagged by both researchers and industry leaders like Changpeng Zhao. Recent investigations revealed more than 60 North Korean IT workers posing as freelancers, securing jobs in Web3 startups to position themselves for insider attacks. Security experts warn that reactive measures aren’t enough; firms need proactive defenses, including dual-wallet controls, enhanced employee vetting, and AI-driven anomaly detection to flag suspicious patterns in real time.

The Seedify breach is more than just another DeFi hack - it’s a case study in how state-backed actors combine social engineering, technical exploits, and insider access to sustain a multi-billion-dollar cybercrime economy.

Canada Cracks Down: KuCoin Penalized for AML & Reporting Violations

KuCoin is once again in the compliance spotlight - this time in Canada. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) hit the exchange’s operating entity, Peken Global Ltd., with a C$19.5 million (~$14.1M) penalty for failing to register as a foreign money services business, neglecting to report large crypto transactions, and not filing suspicious activity reports.

The penalty, announced in late July, marks one of the largest AML enforcement actions against a crypto exchange in Canada to date. KuCoin, long criticized in compliance circles for a lax regulatory approach, immediately appealed the decision, arguing that FINTRAC’s classification was inaccurate and the fine “excessive and punitive.”

Battle Over Blockchain Accuracy: Outdated Validation or Real Proof?

Chainalysis is celebrating new academic validation: independent researchers at TU Delft (Netherlands) presented a paper at the USENIX Security Symposium claiming Chainalysis delivers the “most accurate and reliable blockchain data” with less than 0.15% false positives and ~95% coverage across tested illicit services. The company has framed this as peer-reviewed confirmation of its market dominance, especially after competitors reportedly refused to participate in the study.

But not everyone is convinced. Ariadne Hub, a blockchain intelligence collective affiliated with this newsletter, criticized the research as outdated and misleading. The paper only evaluated three long-defunct services: BestMixer, Hansa Market, and Wall Street Market - all dismantled more than five years ago. According to Ariadne, this ignores modern obfuscation methods like wallet cycling, nested OTCs, and current laundering pipelines, making any claims of “most accurate” highly questionable.

The pushback highlights a broader debate in crypto intelligence: Should accuracy be measured on historic cases where full ground truth is available, or on real-world, evolving typologies that investigators face today? Chainalysis argues transparency and peer-reviewed validation prove credibility. Ariadne insists the focus should be on today’s threats, not the ghosts of darknet markets past.

More weekly top stories:

ChainArgos helps in Roman Sterlingov's appeal

Why most hacks happen on Fridays?

My first blockchain Investigation Project

HSBC invests in Elliptic

See you next week!
