Key facts
- Humanity Protocol lost $36 million in an exploit linked to a compromised employee laptop.
- Production keys, including admin hot wallet and multisig owner keys, were inadvertently backed up on the laptop.
- The exploit is suspected to involve North Korea-linked threat actors.
- The attack vector involved a phishing email delivering malware disguised as a Bithumb update.
- Humanity Protocol's founder stated operational security is as critical as smart contract security.
Humanity Protocol is enhancing its operational security measures following a $36 million exploit that occurred in June. The breach was traced to a compromised employee laptop containing inadvertently backed-up production keys, including admin hot wallet and multisig owner keys. Terence Kwok, founder of the decentralized identity company, stated that this incident underscores the critical importance of operational security, which is as vital as smart contract security.
The exploit highlights a growing trend where malicious actors are shifting their focus from exploiting smart contract code to targeting human behavior and operational vulnerabilities. Blockchain security firm Quantstamp identified the attack vector as a phishing email that delivered malware disguised as a token lockup schedule update from South Korean exchange Bithumb. This malware granted attackers remote access to the employee's machine.
North Korea-linked threat actors are suspected to be behind the attack. These groups have been linked to a significant portion of cryptocurrency theft, including at least $578 million in April alone. While overall crypto losses from hacks have decreased year-on-year in the first half of 2026, security firms caution that this is partly due to a large Bybit hack in early 2025 and that state-sponsored actors continue to pose a substantial threat to the industry. The Drift Protocol and KelpDAO exploits in the second quarter of 2026 were also widely attributed to these actors.