Humanity Protocol Loses $36M in North Korean Phishing Hack
A suspected North Korean phishing attack on Humanity Protocol resulted in a $36 million theft. Malware from a fake Bithumb email compromised a director’s laptop, exposing MetaMask keys. Quantstamp’s analysis highlights DPRK intrusion patterns, adding to the regime’s $6.75 billion crypto theft record.
Quick Take
Hackers stole $36M in H tokens after phishing a Humanity Protocol director.
Malware from a fake Bithumb email gave attackers full remote access.
Quantstamp ties the attack to North Korea’s known intrusion patterns.
North Korea linked to $2B of the $3.4B in 2025 crypto exploits.
Market Impact Analysis
BearishConfirmed hack with significant theft erodes trust and may trigger sell-offs, especially for the affected token.
Speculation Analysis
Key Takeaways
- Hackers stole $36M in H tokens after phishing a Humanity Protocol director with a fake Bithumb email.
- Malware signed with a South Korean digital certificate gave attackers full remote access to a laptop.
- Quantstamp ties the intrusion patterns to North Korean state-sponsored groups.
- North Korea-linked actors accounted for $2B of $3.4B in crypto exploits so far in 2025.
What Happened
A phishing email disguised as a Bithumb token lockup update compromised a director’s laptop at Humanity Protocol. The attachment, signed with a Hancom digital certificate, installed malware that gave attackers full remote access. They extracted MetaMask credentials and private keys, draining $36 million in H tokens. The incident bears the hallmarks of North Korean state-sponsored groups, according to Quantstamp’s incident response analysis.
The Numbers
The $36 million theft adds to a staggering tally. In April alone, North Korea-linked actors were tied to $578 million of the $634 million stolen across crypto. Over the past decade, the regime has amassed $6.75 billion from 263 documented incidents. This year, DPRK groups account for roughly $2 billion of $3.4 billion in total exploits—12% of incidents but the majority of value lost.
Why It Happened
The attack exploited trust in routine communications. By mimicking a Bithumb update, the email bypassed skepticism. The malware’s South Korean digital certificate—a known DPRK tactic—suggests a targeted, well-resourced operation. North Korea has industrialized crypto theft as a core state revenue mechanism, focusing on precision over volume.
Broader Impact
This hack highlights the evolving sophistication of social engineering in crypto. It pressures projects to tighten insider security—especially around wallet key management and email verification. The DPRK link may also accelerate calls for stricter oversight of exchanges and DeFi platforms, as the regime’s thefts fuel its weapons programs.
What to Watch Next
- Humanity Protocol’s recovery efforts and any improvements to its security infrastructure.
- Potential sanctions or law enforcement actions targeting wallets associated with the DPRK.
- Other projects implementing mandatory phishing training and multi-signature transaction policies.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
