Quantstamp attributes the $36 million Humanity Protocol hack to suspected North Korean hackers based on forensic evidence tied to a fraudulent Bithumb email used in the attack. The security firm's analysis points to a phishing scheme leveraging the South Korean exchange's credentials to compromise Humanity Protocol's systems.

The attack pattern aligns with known North Korean threat actor tactics. Lazarus Group and related entities operating under the Pyongyang regime have executed similar email-based social engineering campaigns targeting crypto platforms and protocols. The use of a spoofed Bithumb domain represents a common entry vector for these groups, which typically chain multiple vulnerabilities and trust exploits to gain initial access.

Humanity Protocol, which focuses on decentralized identity verification, disclosed the breach and has begun recovery efforts. The stolen funds represent a significant blow to the protocol's treasury and user confidence. Exchange-level compromise tactics like those used here demonstrate how attackers exploit institutional trust relationships within the crypto ecosystem to bypass standard security perimeters.

Quantstamp's findings add to mounting evidence of North Korean state-sponsored hacking operations against digital assets. The regime has sustained ongoing campaigns to fund its weapons programs through cryptocurrency theft, generating hundreds of millions in illicit proceeds over the past five years. Recent incidents involving Ronin Network, Poly Network, and other protocols share similar hallmarks, methodologies, and targeting patterns.

The incident underscores the efficacy of phishing attacks against even technically sophisticated targets. Humanity Protocol's security posture apparently lacked sufficient email authentication controls, multi-factor enforcement, or isolation protocols to prevent the compromise from reaching critical systems. Organizations holding custodial crypto assets now face pressure to implement stricter identity verification, hardware-based access controls, and network segmentation to withstand escalating threats from state-backed threat actors with significant resources and patience.