Humanity Releases Security Incident Investigation Report: Attack Tools and Techniques Exhibit Characteristics of North Korean Hackers; Mainnet Bridge Unaffected
Odaily Planet Daily News: Humanity has released an independent investigation report by Quantstamp, which finds that the attacker in the H token security incident used tools and techniques characteristic of North Korean hackers. The attacker communicated via phishing emails impersonating the Bithumb exchange, tricking a project director into clicking a malicious attachment. This deployed a remote access trojan on the director's device, ultimately giving the attacker full desktop control and access to wallet private keys. On-chain attacks were then launched on both Ethereum and BNB Chain: on the Ethereum side, the stolen keys were used to upgrade the contract and transfer approximately 141.18 million H tokens; on the BSC side, the ProxyAdmin contract was taken over to mint new tokens. The stolen assets were then sold continuously on Uniswap and PancakeSwap for about 8 hours, significantly impacting liquidity and market price.
Currently, the H token contract on the Ethereum side has been frozen, and the mainnet bridge is unaffected. However, the BSC deployment is controlled by the attacker and still has minting permission. The team is coordinating with exchanges and security partners on subsequent handling and recovery plans. Meanwhile, users are warned to be cautious of fake "compensation/claim" links, and the team stated that further updates will be announced through official channels.
