Humanity Protocol says a targeted phishing attack against one of its directors led to the theft of private keys used in the June 8 $H token compromise. It resulted in the permanent compromise of the project’s $BNB Chain deployment.
In a new incident update published June 12, the team shared findings from an independent investigation conducted by Quantstamp.
It concluded that the attacker used stolen administrative credentials to upgrade contracts. They then moved tokens across Ethereum and minted new $H on $BNB Smart Chain.
The attacker later sold the tokens across Uniswap and PancakeSwap over roughly eight hours. The move severely damaged liquidity and triggered a sharp collapse in the token’s market price.
Attack reportedly began with fake Bithumb email
According to Humanity Protocol, the compromise started with a phishing email impersonating crypto exchange Bithumb.
The targeted director had reportedly been communicating with Bithumb before receiving what appeared to be a legitimate update containing a malicious attachment.
The team said opening the file installed remote-access malware that gave the attacker full remote-desktop control over the machine. Also, this was done without triggering endpoint security protections.
With that access, the attacker allegedly copied wallet data and private keys stored on the device before executing the on-chain attack.
Quantstamp said the malware tooling and certificate-signing patterns observed during the investigation were “characteristic of DPRK-linked intrusions.” However, the report stopped short of making a definitive attribution.
Attackers upgraded contracts and minted new $H
Humanity Protocol said the attacker used stolen keys belonging to one of its directors to upgrade a contract on Ethereum and move roughly 141.18 million $H tokens.
On $BNB Chain, the attacker reportedly took control of a ProxyAdmin contract, allowing them to mint additional $H tokens directly.
The newly minted tokens were then sold into liquidity pools across Ethereum and BSC, intensifying market losses for holders and liquidity providers.
The team stressed that the incident did not stem from a vulnerability in the underlying smart contracts themselves.
Instead, the compromise resulted from unauthorized administrative access obtained through the phishing attack.
Ethereum frozen while BSC deployment abandoned
The incident also created a split between Humanity Protocol’s Ethereum and BSC deployments.
According to the update, the Ethereum token contract was successfully frozen using a separate clean multisig wallet that the attacker never controlled.
The project also said the canonical Humanity Mainnet bridge remains unaffected.
However, the $BNB Chain deployment has now been deemed permanently compromised. This is because the attacker still retains administrative control and can continue minting new tokens.
“This must be abandoned,” the team wrote regarding the BSC deployment.
The incident highlights growing concerns across the crypto industry around governance key management, operational security, and social-engineering attacks.
Final Summary
- Humanity Protocol said a phishing attack impersonating Bithumb led to the theft of director keys used in the June 8 $H exploit.
- The project froze its Ethereum deployment but said its $BNB Chain deployment must now be abandoned because the attacker still controls mint permissions.