CertiK · North Korea · South Korea · Cointelegraph
Humanity Protocol’s $36 million hack tied to suspected North Korean hackers: Quantstamp
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
◌ Single Source
A fake Bithumb email used in the $36 million Humanity Protocol hack points to the involvement of North Korean threat actors, according to Quantstamp.
Key facts
- According to a May report by blockchain security company CertiK, the same actors have been linked to about $2 billion of the $3.4 billion lost to crypto exploits in 2025, while accounting for 12%
- Over the past decade, North Korea-linked actors stole an estimated $6.75 billion in cryptocurrency across 263 documented incidents, the report said
- A fake Bithumb email used in the $36 million Humanity Protocol hack points to the involvement of North Korean threat actors, according to Quantstamp
- North Korea rarely responds to cybercrime allegations, but on May 3, a Foreign Ministry spokesperson rejected them carried by the Korean Central News Agency, the country's state media
Summary
A malicious attachment delivered through a phishing email points to the involvement of North Korea-linked threat actors in Humanity Protocol's recent hack, according to blockchain security company Quantstamp. The decentralized identity company said a compromised employee's laptop enabled attackers to steal $36 million in Humanity (H) tokens on Monday. The malicious attachment was disguised as a token lockup schedule update from South Korean cryptocurrency exchange Bithumb. Quantstamp added that the malware was signed with a South Korean Hancom digital certificate, a pattern it described as “characteristic of DPRK intrusions.” The malware enabled attackers to copy Humanity Protocol director Chong Yee Wai's MetaMask wallet credentials and private keys.