Humanity Protocol’s latest security incident appears to be tied to North Korea-linked cyber activity, according to an investigation by Quantstamp. The blockchainHumanity Protocol’s latest security incident appears to be tied to North Korea-linked cyber activity, according to an investigation by Quantstamp. The blockchain

Quantstamp Links Humanity Protocol’s $36M Hack to Suspected N. Korea Group

Bu içerikle ilgili geri bildirim veya endişeleriniz için lütfen [email protected] üzerinden bizimle iletişime geçin.
Quantstamp Links Humanity Protocol’s $36m Hack To Suspected N. Korea Group

Humanity Protocol’s latest security incident appears to be tied to North Korea-linked cyber activity, according to an investigation by Quantstamp. The blockchain security firm says a phishing email carrying a malicious attachment compromised an employee device and enabled the theft of $36 million worth of Humanity (H) tokens.

The attack chain, as described by Quantstamp, started with a message that masqueraded as a “token lockup schedule” update reportedly from South Korean exchange Bithumb. Once delivered, the malware granted full remote access to the compromised laptop and ultimately facilitated access to sensitive cryptocurrency wallet materials tied to a project executive.

Key takeaways

  • Quantstamp attributes the Humanity Protocol compromise to a phishing attachment that installed remote-access malware on a staff member’s laptop.
  • The incident led to theft of $36 million in Humanity (H) tokens, tied to unauthorized access of MetaMask credentials and private keys.
  • Quantstamp says the malware was signed with a South Korean Hancom digital certificate, a pattern it associates with DPRK intrusion activity.
  • Recent reporting and research link North Korea-linked threat actors to a large share of crypto theft losses and incidents, emphasizing “precision and scale.”
  • The broader pattern reinforces that operational security—especially around email and endpoints—remains a primary weak point even for decentralized projects.

Phishing to wallet theft: how the compromise worked

Quantstamp reported that a compromised employee’s laptop was the entry point for the attackers. In its incident response, the firm said the phishing email delivered a malicious attachment that was disguised as a token-related schedule update.

Crucially, the malware did more than trigger basic compromise indicators. Quantstamp said it gave the attackers full remote access to the laptop and enabled them to copy Humanity Protocol director Chong Yee Wai’s MetaMask wallet credentials and private keys. That access, according to the firm’s account of events, was leveraged to steal $36 million in Humanity (H) tokens on Monday.

From an investor and user standpoint, the incident highlights a persistent reality in crypto security: even when projects operate on decentralized infrastructure, centralized operational practices—like handling attachments and securing staff devices—can still determine whether funds remain protected.

Why Quantstamp points to DPRK-linked activity

Quantstamp did not rely solely on the phishing technique itself. The firm also analyzed the malware’s signing and behavior, stating that the malicious software was signed with a South Korean Hancom digital certificate.

Quantstamp characterized this detail as “characteristic of DPRK intrusions,” suggesting the attackers used tooling and operational steps commonly observed in past North Korea-linked campaigns. The combination of targeted social engineering (fake Bithumb-related content), endpoint takeover (remote access), and credential harvesting (MetaMask credentials and private keys) forms a cohesive attack narrative consistent with the firm’s attribution.

For readers tracking attribution in cyber incidents, the key takeaway is that this is not a generic accusation: Quantstamp’s conclusion is based on specific technical artifacts found during its incident response.

North Korea-linked theft: large numbers across recent years

The alleged DPRK connection to Humanity Protocol comes amid a broader set of statistics from blockchain security research. In a May report, CertiK linked the same category of actors to about $2 billion of the $3.4 billion lost to crypto exploits in 2025, and said they accounted for 12% of total incidents. CertiK described these losses as reflecting a focus on “precision and scale.”

Looking further back, the report cited an estimate that North Korea-linked actors stole about $6.75 billion in cryptocurrency across 263 documented incidents over the past decade. While such totals naturally depend on methodology and classification criteria, the report’s underlying message is consistent: DPRK-associated operations have repeatedly translated cyber capabilities into high-value thefts.

CertiK further argued that North Korea has “industrialized” crypto theft into a core state revenue mechanism, framing these activities as a meaningful share of the regime’s external income. That characterization matters because it suggests sustained institutional investment rather than isolated criminal hacking.

Denials and the persistence of cyber allegations

North Korea typically does not respond in a sustained way to cybercrime allegations. However, the reporting also referenced a denial carried by Korean Central News Agency coverage on May 3, in which a North Korean Foreign Ministry spokesperson rejected claims about crypto hacks.

In that statement, the spokesperson accused the United States of circulating “incorrect” narratives about a “non-existent ‘cyber threat’” from North Korea. The denial underscores a recurring tension in attribution: while investigators and researchers present technical evidence and pattern-based assessments, state actors continue to reject the framing publicly.

For users and teams building in crypto, the practical implication is to treat attributions as indicators of threat models rather than as proof of political intent. Regardless of who denies what, the operational lesson remains the same—phishing and endpoint compromise can rapidly convert into on-chain losses when wallet access is taken.

Next, readers should watch for updates from Humanity Protocol and Quantstamp on remediation steps and security controls—particularly any changes to how wallets are secured, how staff devices are hardened against social engineering, and what indicators will be shared publicly to prevent similar follow-on attacks.

This article was originally published as Quantstamp Links Humanity Protocol’s $36M Hack to Suspected N. Korea Group on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.

Piyasa Fırsatı
CyberConnect Logosu
CyberConnect Fiyatı(CYBER)
$0.3445
$0.3445$0.3445
-0.89%
USD
CyberConnect (CYBER) Canlı Fiyat Grafiği

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen [email protected] ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

The changing face of elder care in Malaysia — Sayed Mohammad Reza Yamani Sayed Umar

The changing face of elder care in Malaysia — Sayed Mohammad Reza Yamani Sayed Umar

JULY 10 — An elderly society is becoming increasingly prevalent in Malaysia at present. It is projected that the p...
Paylaş
Malaymail2026/07/10 15:24
Not a loophole: Singapore AI export controls let China tap US AI legally

Not a loophole: Singapore AI export controls let China tap US AI legally

American AI technology is reaching Chinese tech giants through a route that US export controls were never designed to close: Singapore. The city-state sits outside
Paylaş
The Cryptonomist2026/07/10 14:46
CME Group to launch Solana and XRP futures options in October

CME Group to launch Solana and XRP futures options in October

The post CME Group to launch Solana and XRP futures options in October appeared on BitcoinEthereumNews.com. CME Group is preparing to launch options on SOL and XRP futures next month, giving traders new ways to manage exposure to the two assets.  The contracts are set to go live on October 13, pending regulatory approval, and will come in both standard and micro sizes with expiries offered daily, monthly and quarterly. The new listings mark a major step for CME, which first brought bitcoin futures to market in 2017 and added ether contracts in 2021. Solana and XRP futures have quickly gained traction since their debut earlier this year. CME says more than 540,000 Solana contracts (worth about $22.3 billion), and 370,000 XRP contracts (worth $16.2 billion), have already been traded. Both products hit record trading activity and open interest in August. Market makers including Cumberland and FalconX plan to support the new contracts, arguing that institutional investors want hedging tools beyond bitcoin and ether. CME’s move also highlights the growing demand for regulated ways to access a broader set of digital assets. The launch, which still needs the green light from regulators, follows the end of XRP’s years-long legal fight with the US Securities and Exchange Commission. A federal court ruling in 2023 found that institutional sales of XRP violated securities laws, but programmatic exchange sales did not. The case officially closed in August 2025 after Ripple agreed to pay a $125 million fine, removing one of the biggest uncertainties hanging over the token. This is a developing story. This article was generated with the assistance of AI and reviewed by editor Jeffrey Albus before publication. Get the news in your inbox. Explore Blockworks newsletters: Source: https://blockworks.co/news/cme-group-solana-xrp-futures
Paylaş
BitcoinEthereumNews2025/09/17 23:55

Activate to Enjoy Special Perks

Activate to Enjoy Special PerksActivate to Enjoy Special Perks

Access 0 fees, premium support, and loss coverage.