Humanity Says North Korea-Linked Hackers Behind H Token Breach
Summary
- Humanity Protocol said a recent major security breach led to heavy selling of H token, triggering a price plunge and a liquidity drain.
- It said the H token contract on Ethereum has been frozen through a multisignature wallet, but the hacker still retains admin privileges on the BSC network.
- After the hack, H token fell more than 80%% from its peak, then rebounded more than 50%% on strong dip-buying and recovered to $0.30.
Forecast Trend Report by Period
Humanity Protocol said a North Korea-linked hacking group was behind a recent major security breach that triggered a collapse in its H token price. The attackers used a sophisticated phishing campaign to seize critical permissions, then dumped a large volume of tokens on the market.
In a post on its official X account on June 13, Humanity Protocol said an independent investigation by blockchain security firm Quantstamp found that the attackers in the June 8 H token breach used tools and tactics characteristic of North Korean hackers.
The hackers first sent a phishing email impersonating South Korean crypto exchange Bithumb to a Humanity Protocol executive. After the executive opened the malicious attachment, a signed first-stage loader installed remote-access malware. The attackers then breached endpoint defenses and gained full remote-desktop control of the device.
Quantstamp said a malicious loader bearing a Hancom signature, the use of a specific remote-desktop wrapper, a binary disguised as Microsoft Defender's Network Inspection Service and a hidden guest user profile all matched typical intrusion patterns used by North Korean hacking groups.
The hackers then used wallet data and private keys stolen from the compromised device to carry out an on-chain attack. On Ethereum, they upgraded a smart contract and siphoned off about 141.18 million H tokens. On Binance Smart Chain, or BSC, they seized contract authority and minted new tokens without authorization. The stolen and illicitly minted tokens were sold over about eight hours on decentralized exchanges including Uniswap and PancakeSwap, causing a severe liquidity drain and a sharp price drop.
Humanity Protocol said the H token contract on Ethereum has been safely frozen through a multisignature wallet beyond the hackers' control. On the BSC network, however, the attackers still retain admin privileges and can mint additional tokens. The project added that it is working with crypto exchanges to contain the fallout and plans to announce a recovery plan for the community through its official channels soon.
After the hack, H token plunged more than 80% from its peak and fell to around $0.05. It has recently rebounded more than 50% on strong dip-buying, recovering to around $0.30.
