The incident, which saw the H token value plummet by up to 90% immediately following the disclosure, stemmed from the storage of sensitive backups on a workstation used during the project’s June 2025 mainnet launch. By gaining root access to this device, the intruders secured an admin hot wallet key alongside six Ethereum and BNB Safe owner keys. This level of access allowed the attackers to execute transactions and approve contract upgrades that appeared perfectly legitimate to the network, as they met all required multi-signature thresholds.
In section Cryptocurrency
Humanity Protocol Ties $36 Million Hack to North Korean Operatives
A single malware-infected developer machine compromised seven private keys, allowing attackers to drain 141 million H tokens from the Humanity Protocol bridge. Security firm Quantstamp confirmed the breach followed tactical patterns synonymous with North Korean state-sponsored hackers, bypassing smart contract protections entirely through authorized, yet illicit, credential use.
Humanity Protocol maintains that its underlying smart contracts remained secure, characterizing the event as a failure of operational security rather than a technical vulnerability. While independent researchers like ZachXBT and Lookonchain verified the attack pathway, the attribution to North Korea highlights a growing trend of state-linked actors targeting high-value crypto infrastructure. Following the theft, the attackers minted additional tokens on the BNB Smart Chain and moved proceeds into ETH, leaving the project to navigate a significant market recovery effort while addressing the exposure of its production environment.
Comments (0)
No comments yet. Be the first!