A sophisticated phishing campaign has cost Humanity Protocol $36 million, with blockchain security firm Quantstamp attributing the attack to North Korean threat actors. The breach underscores the persistent vulnerability of crypto infrastructure to social engineering, even as technical defenses improve.

The incident began on June 5 when a Humanity Protocol director opened a malicious email disguised as correspondence from Bithumb, a major South Korean exchange. The malware compromised the executive’s device, exposing seven private keys stored on a developer’s machine. By June 8, attackers had drained 141 million H tokens from an Ethereum bridge contract and minted additional tokens on the BNB Smart Chain.

Stolen assets were rapidly dumped on decentralized exchanges Uniswap and PancakeSwap, causing the H token to plummet 80-90% in value. While the Ethereum component has been mitigated, Quantstamp reports the BNB Smart Chain deployment remains irreparably compromised.

This exploit highlights a critical failure in operational security rather than in code. Storing multiple high-value private keys on a single internet-connected device violates industry best practices, which mandate multi-signature wallets and air-gapped hardware security modules. The attack aligns with a broader 2026 trend in which DPRK-affiliated groups, including the Lazarus Group, increasingly target human elements to bypass robust smart contract audits.