Humanity Protocol’s founder said they will refocus on operational security, as malicious actors are switching from smart contract vulnerabilities to exploiting human behavior. Humanity Protocol will refocus its cybersecurity efforts on operational security following a June $36 million exploit that was traced back to a compromised employee laptop, according to the founder of the decentralized identity company, Terence Kwok. In an interview with Cointelegraph, Kwok said that the exploit stemmed from last year’s mainnet launch, when several production keys were inadvertently backed up onto the laptop that was compromised, including admin hot wallet keys and a quorum of multisig owner keys across both chains. He said: The exploit and Humanity Protocol’s action highlight an increase in cryptocurrency hackers refocusing their attacks on staff-level vulnerabilities and operational shortcomings, rather than exploiting smart contract code. Read more
A fake Bithumb email used in the $36 million Humanity Protocol hack points to the involvement of North Korean threat actors, according to Quantstamp. A malicious attachment delivered through a phishing email points to the involvement of North Korea-linked threat actors in Humanity Protocol's recent hack, according to blockchain security company Quantstamp. The decentralized identity company said a compromised employee's laptop enabled attackers to steal $36 million in Humanity (H) tokens on Monday. The malicious attachment was disguised as a token lockup schedule update from South Korean cryptocurrency exchange Bithumb. It installed malware that gave attackers full remote access to the laptop, Quantstamp said in its incident response. Read more
The compromise of private keys belonging to a member of the Humanity Foundation has reportedly resulted in the theft of at least $30 million worth of its native token. The Humanity Protocol, dubbed the “Chinese Worldcoin,” has been exploited for more than $30 million through a private key compromise, sending the price of H tokens plummeting on Tuesday. “We’ve detected a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation,” said Terence Kwok, founder and CEO of Humanity Protocol, on Tuesday. Kwok advised users not to interact with the bridge or any liquidity pools until it has been deemed safe and added that the team was working with security experts, but did not provide any further details at the time. Read more