Humility security incident update: Stolen funds reach $36 million, cooperation with police launched to trace and recover assets

Odaily Planet Daily News Humility Protocol posted an update on the security incident on the X platform, stating that yesterday, the H token suffered a coordinated attack on the Ethereum and BSC chains. It has now been confirmed that over $36 million worth of assets were stolen and dumped.

Preliminary investigations indicate that the incident originated from a compromised employee computer, leading to the leak of private keys for the multi-signature wallet controlling the Hyperlane Bridge ProxyAdmin. Specifically, the attacker obtained 3 out of 6 private keys for the Gnosis Safe on the Ethereum chain, transferred ownership of the ProxyAdmin to a wallet they controlled, upgraded the bridge contract to a malicious implementation, and subsequently transferred approximately 141.2 million H tokens in a single transaction.

At the same time, the attacker also gained control of 3 out of 5 private keys for the Safe wallet on the BSC chain, took over the ProxyAdmin in the same manner, and deployed a malicious contract with unlimited minting capabilities, minting 200 million H tokens to their own wallet in two separate transactions.

Humility stated that it has suspended all deposit and withdrawal operations on the affected bridge service and is collaborating with exchanges and other relevant partners to mitigate losses. Furthermore, it is cooperating with the police in the investigation and attempting to recover some of the stolen funds.