Key facts
- A $36 million hack of Humanity Protocol is linked to North Korean threat actors, according to Quantstamp.
- The hack occurred after a phishing email with a malicious attachment compromised an employee's laptop.
- The malware used a South Korean digital certificate, a pattern associated with North Korean intrusions.
- Attackers gained access to a director's MetaMask wallet credentials and private keys.
- North Korea is estimated to have stolen billions in cryptocurrency over the past decade.
- North Korea has denied allegations of involvement in cybercrime.

Blockchain security firm Quantstamp has identified suspected North Korean threat actors behind the recent $36 million hack of Humanity Protocol. The breach occurred after a phishing email, disguised as an update from South Korean exchange Bithumb, delivered malware that compromised an employee's laptop.
The malware, signed with a South Korean Hancom digital certificate—a signature Quantstamp associates with North Korean intrusions—provided attackers with remote access. This allowed them to steal the MetaMask wallet credentials and private keys of Humanity Protocol director Chong Yee Wai, leading to the theft of $36 million in H tokens.
This incident adds to a growing list of major cryptocurrency thefts attributed to North Korea. Security firms like CertiK report that North Korean-linked actors have been responsible for billions in stolen crypto, industrializing theft as a state revenue mechanism. In April alone, these actors were linked to at least $578 million of the $634 million stolen in crypto-related incidents.
Over the past decade, North Korea-linked actors are estimated to have stolen approximately $6.75 billion across 263 documented incidents. North Korea has consistently denied allegations of state-sponsored cybercrime, with a Foreign Ministry spokesperson recently calling US accusations of a "non-existent 'cyber threat'" incorrect.
