Phish, Mint, Repeat: Humanity Protocol's BSC Token Goes Up in Flames 🔥

Humanity Protocol confirmed on June 12 that a targeted phishing attack against one of its directors resulted in the permanent compromise of the project's BNB Chain deployment and the theft of roughly 141.18 million $H tokens. The conclusion came from an independent investigation conducted by Quantstamp, which found that the attacker used stolen administrative credentials to upgrade contracts, move tokens across Ethereum, and mint new $H on BNB Smart Chain. The newly minted supply was then sold into liquidity pools across Uniswap and PancakeSwap over a span of approximately eight hours, severely damaging liquidity and triggering a sharp collapse in the token's market price.

According to the update, the intrusion began with a phishing email impersonating crypto exchange Bithumb. The targeted director had reportedly been communicating with Bithumb before receiving what appeared to be a legitimate update containing a malicious attachment. Opening the file installed remote-access malware that gave the attacker full remote-desktop control over the machine without triggering endpoint security protections. With that access, the attacker copied wallet data and private keys stored on the device before executing the on-chain attack. Quantstamp stated that the malware tooling and certificate-signing patterns observed during the investigation were "characteristic of DPRK-linked intrusions," though the report stopped short of making a definitive attribution.

The project stressed that the incident did not stem from a vulnerability in the underlying smart contracts themselves, but rather from unauthorized administrative access obtained through social engineering. On Ethereum, the team said the token contract was successfully frozen using a separate clean multisig wallet that the attacker never controlled, and it confirmed that the canonical Humanity Mainnet bridge remains unaffected. On BNB Chain, however, the attacker reportedly took control of a ProxyAdmin contract, allowing continued minting of new $H tokens directly. "This must be abandoned," the team wrote regarding the BSC deployment, noting that the attacker still retains administrative control there.

Despite the lingering security concerns, $H rallied more than 42% in 24 hours to reach $0.50, with market capitalization climbing above $800 million as buyers stepped in aggressively from a recent low near $0.10. Derivatives activity reflected that conviction, with Open Interest jumping 131% to $213.10 million alongside the price move, indicating fresh leveraged positioning rather than rotation of existing contracts. The RSI recovered to 57.16, moving toward the neutral-to-bullish threshold but not yet into overbought territory, while price action brought the next major resistance at $0.718 into focus, with the psychological $1.00 mark cited as a further upside level.

Liquidation data underscored how heavily short sellers were caught offside by the rebound, with roughly $1.55 million in short liquidations against approximately $282,000 in long liquidations during the latest session. The imbalance highlighted the scale of bearish positioning that exited the market as $H accelerated higher. The Humanity Protocol team has not announced a replacement plan for the abandoned BNB Chain deployment, leaving the permanently compromised contract still capable of being controlled by the attacker.