Humanity publishes security incident investigation report: Attack tools and methods exhibit characteristics of North Korean hackers; mainnet bridge unaffected
Odaily Planet Daily reported that Humanity has released an independent investigation report by Quantstamp, which disclosed that the attacker in the H token security incident used tools and methods characteristic of North Korean hackers. The attacker sent phishing emails impersonating the Bithumb exchange and induced a project director to open a malicious attachment, which deployed a remote access trojan on the director's device. This ultimately gave the attacker full desktop control and access to wallet private keys, followed by on-chain attacks on Ethereum and BNB Chain. On the Ethereum side, the attacker upgraded the contract using stolen keys and transferred approximately 141.18 million H tokens; on the BSC side, they took over the ProxyAdmin contract and minted new tokens. The stolen assets were then sold continuously on Uniswap and PancakeSwap for about 8 hours, significantly affecting liquidity and market prices.
The H token contract on the Ethereum side is currently frozen, and the mainnet bridge remains unaffected. However, the BSC deployment has been compromised by the attacker, who still retains minting authority. The team is coordinating with exchanges and security parties on subsequent handling and recovery plans. Users are warned to be cautious of fake "compensation/claim" links, and the team stated that further updates will be announced through official channels.
