ChainCatcher reports that Humanity has released an independent investigation report on Quantstamp, revealing that in the H token security incident, attackers used tools and methods characteristic of North Korean hackers. They communicated via phishing emails posing as the Bithumb exchange, tricking project directors into clicking malicious attachments to deploy remote control trojans on their devices. Ultimately, they gained complete desktop control and wallet private keys. Subsequently, they launched on-chain attacks on Ethereum and BNB Chain: on the Ethereum side, they stole keys to upgrade contracts and transfer approximately 141.18 million H tokens; on the BSC side, they took over the ProxyAdmin contract and minted new tokens. The stolen assets were then continuously dumped on Uniswap and PancakeSwap for approximately 8 hours, significantly impacting liquidity and market prices.
Currently, the H token contract on the Ethereum side has been frozen. The mainnet is unaffected, but the BSC deployment has been taken over by the attackers, who still have minting privileges. The team is working with exchanges and security partners to advance subsequent handling and recovery plans. They are also reminding users to be wary of fake "compensation/claim" links and stated that they will release further updates through official channels. Previously, it was reported that Humanity Protocol suffered an attack, with the private key of a Humanity Foundation member being leaked, resulting in the theft of over $31 million.
