Anatomy of a Security Breach: From Phishing to On-Chain Exploitation
Humanity Protocol has released an independent security audit report conducted by Quantstamp, providing a detailed forensic analysis of a recent major security incident. The investigation concludes that the tools and techniques employed in the attack bear hallmarks associated with hacker groups linked to North Korea.
The Initial Compromise: A Spear-Phishing Campaign
The attack chain began with a highly targeted spear-phishing attempt. Posing as representatives from the major cryptocurrency exchange Bithumb, the attackers initiated email correspondence with a project director. Through social engineering, they successfully tricked the target into opening a malicious attachment. This deployed a Remote Access Trojan (RAT) on the victim's device, granting the attackers full control and ultimately leading to the theft of critical credentials, including wallet private keys.
Cross-Chain Assault: Asset Drain and Contract Takeover
With access secured, the attackers launched simultaneous operations on two blockchains:
- Ethereum Network: Using the stolen keys, the attackers upgraded the relevant smart contract and siphoned approximately 141.18 million H tokens from it.
- BNB Chain: The attackers gained control of the ProxyAdmin contract, abusing its minting authority to create new tokens illegitimately.
The stolen assets were then methodically dumped over roughly 8 hours on decentralized exchanges like Uniswap and PancakeSwap, severely impacting liquidity pools and token market value.
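A monitoring sketch for the two on-chain actions described above (a contract upgrade and a mint), added here as an example and not taken from the Quantstamp report or the project's code. It assumes the contracts emit the standard Upgraded(address) proxy event and ERC-20 Transfer event. The watched addresses, approved-transaction set and log entries are constructed placeholders.

```python
# Added example: flag proxy upgrades and token mints that no approved change covers.
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"  # Upgraded(address)
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"  # Transfer(address,address,uint256)
ZERO_TOPIC = "0x" + "00" * 32  # indexed `from` of a mint is the zero address

# Constructed placeholders: watched proxy addresses and approved change transactions.
WATCHED = {"0x" + "aa" * 20: "token-proxy-eth", "0x" + "bb" * 20: "token-proxy-bnb"}
APPROVED_TX = {"0x" + "11" * 32}


def classify(log):
    """Return an alert dict for an unapproved upgrade or mint, else None."""
    name = WATCHED.get(log["address"].lower())
    topics = log.get("topics") or []
    if name is None or not topics or log["transactionHash"] in APPROVED_TX:
        return None
    if topics[0] == UPGRADED and len(topics) >= 2:
        # topics[1] is the new implementation address, left-padded to 32 bytes
        return {"kind": "upgrade", "contract": name, "detail": "0x" + topics[1][-40:]}
    if topics[0] == TRANSFER and len(topics) >= 3 and topics[1] == ZERO_TOPIC:
        # the unindexed amount is the ABI-encoded uint256 in `data`
        return {"kind": "mint", "contract": name, "detail": int(log["data"], 16)}
    return None


def scan(logs):
    return [alert for alert in map(classify, logs) if alert]


def pad(addr):
    """Left-pad a 20-byte address to a 32-byte topic."""
    return "0x" + "00" * 12 + addr[2:]


ETH, BNB, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
USER, NEW_IMPL = "0x" + "dd" * 20, "0x" + "ee" * 20
# Constructed log entries in the shape eth_getLogs returns (fields trimmed).
SAMPLE_LOGS = [
    {"address": ETH, "transactionHash": "0x" + "11" * 32, "topics": [UPGRADED, pad(NEW_IMPL)], "data": "0x"},
    {"address": ETH, "transactionHash": "0x" + "22" * 32, "topics": [UPGRADED, pad(NEW_IMPL)], "data": "0x"},
    {"address": BNB, "transactionHash": "0x" + "33" * 32, "topics": [TRANSFER, ZERO_TOPIC, pad(USER)], "data": hex(10**18)},
    {"address": BNB, "transactionHash": "0x" + "44" * 32, "topics": [TRANSFER, pad(USER), pad(NEW_IMPL)], "data": hex(5)},
    {"address": OTHER, "transactionHash": "0x" + "55" * 32, "topics": [UPGRADED, pad(NEW_IMPL)], "data": "0x"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

Of the five constructed entries, only the unapproved upgrade and the mint raise alerts; the approved upgrade, the ordinary transfer and the unwatched contract are ignored.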
Current Status and Mitigation Efforts
Per the report, the H token contract on Ethereum has been frozen to prevent further movement of funds. Crucially, the protocol's mainnet bridge was not compromised in the incident, preserving the security of core assets. However, the BNB Chain deployment remains under the attacker's control, with its minting capability still active, representing an ongoing threat.
The project team is now collaborating with multiple centralized exchanges, security firms, and law enforcement agencies to develop and execute asset recovery and system restoration plans. The team urgently warns the community to remain vigilant against fraudulent "compensation," "claim," or "recovery" links circulating on unofficial channels. All official updates will be shared through verified social media and blog posts.
This incident, which resulted in a loss exceeding $31 million, was initiated by the compromise of a private key belonging to a member of the Humanity Foundation.