Industry

Humanity Protocol $36M Hack: Phishing Email, DPRK Links Revealed

Humanity Protocol’s independent investigation found that a phishing attack targeting a director led to stolen private keys, a $36 million exploit, and the compromise of its BNB Chain deployment.

Written By:
Isha Chavda

Reviewed By:
Jahnu Jagtap
Humanity Protocol $36M Hack Phishing Email, DPRK Links Revealed

Key Highlights

  • Humanity Protocol published Quantstamp’s investigation into the June 8 exploit that drained and minted unauthorized $H tokens.
  • The attacker allegedly gained access through a phishing email impersonating South Korean crypto exchange Bithumb.
  • Quantstamp found indicators consistent with known DPRK-linked cyber intrusion techniques.
  • Humanity confirmed the Ethereum deployment has been secured, while the BNB Smart Chain version will be abandoned.

Humanity Protocol has released the findings of an independent investigation conducted by security firm Quantstamp into the June 8 attack that resulted in the compromise of its native $H token ecosystem.

The report provides the clearest explanation yet of how attackers gained control of key administrative infrastructure, triggering one of the largest crypto security incidents of the year and causing an estimated $36 million in losses.

The project had previously disclosed that the exploit led to the collapse of the $H token price after attackers gained access to bridge controls, drained tokens on Ethereum, and minted unauthorized supply on BNB Smart Chain.

Phishing attack started with fake Bithumb email

According to Humanity Protocol, the attack originated from a targeted social-engineering campaign directed at one of its directors.

The attacker reportedly sent a phishing email impersonating South Korean crypto exchange Bithumb, with whom the director had been communicating. The email contained a malicious attachment that installed remote-access malware after being opened.

Quantstamp’s investigation found that the malware allowed attackers to gain full remote-desktop control of the device while evading endpoint security systems.

Once inside the machine, the attacker extracted wallet data and private keys associated with administrative accounts.

“The attacker copied wallet data and private keys from the device and used them to execute the on-chain attack,” Humanity Protocol stated.

According to the investigation, several aspects of the malware infrastructure and certificate-signing behavior resembled techniques commonly associated with North Korean cyber groups.

While the report stops short of making a definitive attribution, Humanity Protocol said Quantstamp identified tooling and operational patterns “characteristic of DPRK-linked intrusions.”

The attackers subsequently used the stolen credentials to upgrade a contract on Ethereum and move approximately 141.18 million in $H tokens. On BNB Smart Chain, they gained control of a ProxyAdmin contract and minted additional unauthorized tokens.

The newly created and stolen tokens were sold across decentralized exchanges including Uniswap and PancakeSwap over roughly eight hours, significantly damaging liquidity and causing a sharp decline in the token’s market value.

Ethereum secured, BNB deployment abandoned

Humanity Protocol said the Ethereum deployment has since been secured using a separate multisignature wallet that was never compromised during the attack.

“The damage is contained,” the team stated, noting that the Ethereum token contract has been frozen and the project’s canonical Humanity Mainnet bridge remains unaffected.

However, the situation on BNB Smart Chain is more difficult.

The project confirmed that attackers retain administrative control over the compromised BSC deployment and can continue minting tokens. As a result, Humanity plans to permanently abandon the affected BNB Smart Chain version while working with exchanges and ecosystem partners on recovery plans.

The foundation has also advised users to temporarily revoke contract approvals until further security assessments are completed.

$H Price Recovers Despite Lingering Risks

Interestingly, the disclosure comes as the $H token has staged a significant recovery following the initial selloff.

Recent market data shows the token surged more than 43% once after the attack, driven partly by speculation surrounding potential recovery measures and ecosystem support initiatives.

However, analysts caution that the rally remains vulnerable. Market participants continue monitoring the attacker’s remaining token holdings, while a scheduled token unlock later this month could introduce additional selling pressure.

For now, Humanity Protocol says it remains focused on finalizing a recovery plan and restoring confidence among affected users.

“We know it’s been a difficult time for H holders and we’re committed to finding the best way forward,” the project said.

Also Read: Raydium Exploit Update: GoPlus Reveals How Hacker Stole $1.34M

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Avatar photo
By Isha Chavda
Isha Chavda is a Junior Writer at The Crypto Times and a B.Com (Hons) graduate with a background in commerce. She reports on crypto news and focuses on creating content that is clear, simple, and engaging for readers. With a strong interest in content creation, she enjoys staying updated with the latest trends and turning them into easy-to-understand stories. Her work combines effective communication to make crypto more accessible and relatable.  
Jahnu Jagtap - Crypto Research Analyst at The Crypto Times
By Jahnu Jagtap
Follow:
Jahnu Jagtap is a Research Analyst with over 5 years of experience in crypto, finance, fintech, blockchain, Web3, and AI. He holds a BSc in Mathematics and is certified in Blockchain and Its Applications (SWAYAM MHRD), Cryptocurrency (Upskillist), and NISM Certifications. Jahnu specializes in technical, on-chain, and fundamental analysis, while also closely tracking global macro trends, regulations, lawsuits, and U.S. equities. With a strong analytical background and editorial insight, he drives content that delivers clarity and depth in the fast-evolving world of digital finance.

Latest News

Bittensor (TAO) Surges 30% as Anthropic’s Fable/Mythos AI Ban Fuels DeAI Thesis
Bittensor (TAO) Surges 30% as Anthropic’s Fable/Mythos AI Ban Fuels DeAI Thesis
GAO Presses FDIC to Close Gaps in Crypto and Blockchain Risk Oversight
GAO Presses FDIC to Close Gaps in Crypto and Blockchain Risk Oversight
Coinbase CEO Brian Armstrong Calls US Accredited Investor Laws a ‘Regressive Tax’
Coinbase CEO Brian Armstrong Calls US Accredited Investor Laws a ‘Regressive Tax’
BlackRock’s New Bitcoin Income ETF ($BITA) Goes Live on Nasdaq Today
BlackRock’s New Bitcoin Income ETF ($BITA) Goes Live on Nasdaq Today
Standard Chartered Predicts 3,400% Uniswap (UNI) Surge, Sets $100 Target
Standard Chartered Predicts 3,400% Uniswap (UNI) Surge, Sets $100 Target

Find Us on Socials

You may also like