Humanity Protocol Hack Linked to Suspected North Korean Cyber Group, Investigation Finds

Humanity Protocol’s recent $36 million security breach has been linked to suspected North Korean hackers, according to findings from blockchain security firm Quantstamp. The attack reportedly began with a phishing email disguised as an official token lockup schedule update from South Korean cryptocurrency exchange Bithumb.

The email contained a malicious attachment that installed malware on an employee’s laptop, allowing attackers to gain full remote access to the device.

Phishing Attack Exposed Wallet Credentials

Investigators said the malware enabled hackers to steal MetaMask wallet credentials and private keys belonging to Humanity Protocol director Chong Yee Wai. The compromised access allowed attackers to transfer approximately $36 million worth of Humanity (H) tokens.

Quantstamp noted that the malware was signed using a South Korean Hancom digital certificate, a tactic the firm described as commonly associated with North Korean cyber operations.

North Korea’s Growing Role in Crypto Theft

CertiK reports show North Korea-linked groups were connected to at least $578 million of the $634 million stolen in crypto-related attacks during April. Security researchers estimate that over the past decade, these groups have stolen roughly $6.75 billion in cryptocurrency across 263 documented incidents.

The Humanity Protocol breach highlights the increasing threat posed by sophisticated phishing campaigns and the importance of stronger operational security across the digital asset industry.