Humanity releases the investigation report on the security incident: the main network bridge was not affected, and the attack tools and methods exhibit characteristics of North Korean hackers

Humanity released an independent investigation report by Quantstamp, which disclosed that in the H token security incident, the attacker used tools and methods characteristic of North Korean hackers, disguising themselves as communication from the Bithumb exchange through phishing emails, inducing project directors to click on malicious attachments, thereby deploying a remote control Trojan on their devices, ultimately gaining full desktop control and wallet private keys. Subsequently, on Ethereum and BNB Chain, they launched on-chain attacks: on the Ethereum side, by stealing keys to upgrade contracts and transferring approximately 141.18 million H tokens, and on the BSC side, by taking over the ProxyAdmin contract and minting new tokens. The stolen assets were then continuously sold on Uniswap and PancakeSwap for about 8 hours, causing significant impact on liquidity and market prices.

Currently, the H token contract on the Ethereum side has been frozen, the mainnet bridge remains unaffected, but the BSC deployment has been controlled by the attacker and still has minting permissions. The team is working with exchanges and security parties to advance subsequent disposal and recovery plans, while reminding users to be wary of false "compensation/claim" links, and stated that further progress will be announced through official channels.

Previously, the Humanity Protocol was attacked, resulting in the leak of a private key from a member of the Humanity Foundation, leading to over 31 million dollars in funds being stolen.