Blockchain security firm Quantstamp has linked the recent $36 million theft from Humanity Protocol to suspected North Korean hackers. The breach occurred after a compromised employee laptop granted attackers remote access via a sophisticated phishing campaign.
The malicious payload, disguised as a token lockup update from South Korean exchange Bithumb, installed malware signed with a Hancom digital certificate. This specific signature is a known hallmark of Democratic People's Republic of Korea (DPRK) intrusions. The malware exfiltrated private keys and credentials from the wallet of Humanity Protocol director Chong Yee Wai.
This incident aligns with a broader trend of state-sponsored crypto theft. Data from security firm CertiK indicates that North Korean actors were responsible for approximately $2 billion of the $3.4 billion lost to crypto exploits in 2025 alone. Over the last decade, these groups have stolen an estimated $6.75 billion across 263 incidents, effectively industrializing digital asset theft as a primary revenue stream for the regime.
Despite mounting evidence, Pyongyang continues to deny involvement. In May, a Foreign Ministry spokesperson dismissed US allegations as incorrect narratives regarding a non-existent cyber threat.