$31M Humanity Protocol Exploit Linked to Compromised Developer Machine

Humanity Protocol has confirmed that the $31M exploit on June 8 was caused by a compromised developer machine infected with malware. The attacker gained root access and obtained seven private keys, including the admin hot wallet key and six Safe owner keys across Ethereum and BNB Chain.

The incident occurred during the project's mainnet launch, when unintentional backups of these keys were made to the infected device. This highlights operational security risks rather than flaws in the protocol's code.

The attacker used legitimate private keys to authorize transactions, which is a common way for hackers to exploit vulnerabilities in key management and access controls.

This incident serves as a reminder for crypto projects to prioritize infrastructure security, including key management and access controls, to prevent similar incidents from happening in the future.