Humanity Protocol Hack Tied to North Korean Group, $36M Lost

A $36 million exploit targeting Humanity Protocol has been linked to North Korean hackers, according to blockchain security firm Quantstamp. The attackers reportedly used phishing malware to compromise an employee's laptop, enabling them to access private keys and drain funds from the project's bridge infrastructure.

The breach occurred on June 8, 2026, affecting Humanity Protocol's H token on both Ethereum and BNB Chain. Quantstamp's investigation revealed that the malware was disguised as a token lockup schedule update from South Korean exchange Bithumb. It installed spyware granting attackers full remote access to the employee's laptop, ultimately exposing multisig keys used to manage bridge contracts.

Quantstamp flagged the malware as being signed with a South Korean Hancom digital certificate, a tactic the firm described as “characteristic of DPRK intrusions.” The attackers reportedly copied wallet credentials and private keys belonging to Humanity Protocol director Chong Yee Wai, which were then used to execute the exploit.

North Korea’s Crypto Theft Playbook

This incident is just the latest in a string of high-profile crypto thefts linked to North Korean state-sponsored groups. According to a May 2026 report by CertiK, North Korea-affiliated actors were responsible for approximately $2 billion of the $3.4 billion lost to crypto hacks in 2025, accounting for 12% of all incidents. Over the past decade, these actors are estimated to have stolen $6.75 billion in cryptocurrency across 263 attacks, with proceeds reportedly funding state operations.

North Korean hackers are known for their precision and scale, often employing phishing schemes, malware, and social engineering to infiltrate systems. Quantstamp’s findings align with this modus operandi, particularly the use of compromised administrative keys instead of exploiting smart contract bugs.

Market Impact and Broader Trends

The fallout from the Humanity Protocol hack was immediate. The H token price crashed over 80% intraday on June 9, following the disclosure of the exploit. The project urged users to avoid interacting with affected bridges and liquidity pools as investigations continued and key-rotation efforts were initiated.

The attack underscores a troubling trend in 2026, where high-value crypto losses increasingly result from private-key compromises rather than coding vulnerabilities. Humanity Protocol’s breach mirrored a pattern seen in other notable attacks this year, highlighting the critical need for better key management and endpoint security in the industry.

For Humanity Protocol, the incident is particularly damaging given its position as a decentralized identity project competing with Worldcoin. The exploit has not only eroded trust in the platform but also exposed systemic weaknesses in its administrative and operational security.

What’s Next?

The investigation into the Humanity Protocol exploit is ongoing, with Quantstamp continuing to analyze the breach. Meanwhile, the broader crypto community is paying close attention to North Korea’s escalating role in digital asset thefts as regulators and security firms scramble to stay ahead of increasingly sophisticated tactics.

For investors and developers, the attack serves as a stark reminder to prioritize endpoint security and robust multisig configurations. With private-key compromises emerging as a dominant threat vector, the focus is now shifting toward mitigating human error and insider vulnerabilities that can lead to catastrophic losses.