DPRK Actors Use Phishing Attack to Steal 141M H Tokens from Humanity Protocol

A new report from Quantstamp reveals that the June 8 theft of 141.18 million H tokens from Humanity Protocol was not due to a code exploit, but rather a compromised individual device, a hallmark of North Korean cyber campaigns.

The attackers used a phishing attack to gain remote access to a director's machine, then copied wallet data and private keys. Once inside, they executed parallel operations on two separate chains: Ethereum and BNB Smart Chain.

On Ethereum, the attackers upgraded the H token contract and moved approximately 141 million H tokens out of the protocol's control. On BNB Smart Chain, they took control of a ProxyAdmin contract and used it to mint additional H tokens.

The dual-chain maneuver suggests preparation that pre-dated the phishing entry point and points to a group with deep blockchain engineering resources.