H Is for Hack: Phishing Expedition Permanently Wrecks Humanity Protocol's BSC Deployment 🪝
Humanity Protocol has attributed the June 8 compromise of its $H token to a phishing attack against one of its directors, an incident the team said has permanently compromised its BNB Chain deployment. In an update published June 12, the project shared findings from an independent investigation conducted by Quantstamp.
According to Humanity Protocol, the attack began with a phishing email impersonating crypto exchange Bithumb. The targeted director had been in prior communication with Bithumb before receiving what appeared to be a legitimate update containing a malicious attachment. Opening the file installed remote-access malware that gave the attacker full remote-desktop control over the machine without triggering endpoint security protections, allowing the attacker to copy wallet data and private keys stored on the device.
Quantstamp concluded that the attacker used stolen administrative credentials to upgrade contracts, then moved tokens across Ethereum and minted new $H on BNB Smart Chain. The attacker later sold the tokens across Uniswap and PancakeSwap over roughly eight hours, severely damaging liquidity and triggering a sharp collapse in the token's market price. Quantstamp noted that the malware tooling and certificate-signing patterns observed during the investigation were "characteristic of DPRK-linked intrusions," though the report stopped short of making a definitive attribution.
Humanity Protocol said the attacker used stolen keys belonging to one of its directors to upgrade a contract on Ethereum and move roughly 141.18 million $H tokens. On BNB Chain, the attacker reportedly took control of a ProxyAdmin contract, allowing them to mint additional $H tokens directly, and the newly minted tokens were then sold into liquidity pools across Ethereum and BSC, intensifying market losses for holders and liquidity providers. The team stressed that the incident did not stem from a vulnerability in the underlying smart contracts themselves but rather from unauthorized administrative access obtained through the phishing attack.
The incident also created a split between Humanity Protocol's Ethereum and BSC deployments. According to the update, the Ethereum token contract was successfully frozen using a separate clean multisig wallet that the attacker never controlled, and the project said the canonical Humanity Mainnet bridge remains unaffected. However, the BNB Chain deployment has now been deemed permanently compromised because the attacker still retains administrative control and can continue minting new tokens, leading the team to write, "This must be abandoned," regarding the BSC deployment.