
Humanity Protocol Hack Update: Quantstamp Report Publishes

2026/06/13 15:00

Humanity Protocol Hack Update: North Korean Hacker Behind the Attack?

A security firm just confirmed what many feared. The Humanity Protocol hack was not a random attack; it looks like the work of North Korean hackers.

Quantstamp, a blockchain security company, published its preliminary investigation report on June 11, 2026. Humanity Protocol had hired them three days earlier, right after the $H token breach hit both Ethereum and BNB Smart Chain on June 8. Quantstamp's investigation points to a sophisticated, well-planned operation.

Source: Official Announcement

How Attackers Pulled Off the Humanity Protocol Hack 

Everything started with a single email.

On June 5, 2026 at 02:00 UTC, director Chong Yee Wai received a message that looked like it came from Bithumb, a well-known Korean crypto exchange. 

The email discussed a circulating supply lockup schedule and carried a zip file attachment named Bithumb_Circulating_Supply_Lockup_Schedule.zip hosted on an attacker-controlled domain, celuweb.com.

Chong downloaded it, filled out what appeared to be a spreadsheet, and even replied, copying his colleague Terence Kwok on the email. 

Kwok had independently received the same phishing mail, but with a slightly different tracking link. Attackers commonly use separate links to identify which victim's device has been successfully infected.

North Korean Fingerprints: What the $H Token Hack Report Revealed 

The zip file contained hncagent.exe, a first-stage malware loader. Quantstamp noted it was signed using a legitimate South Korean Hancom certificate — a technique consistently linked to DPRK-affiliated hacking groups.

Between June 7 and June 8, the attacker ran a secondary executable eight times to install full remote desktop control over Chong's Windows machine. The tools used included Stas'm RDP Wrapper and two files disguised as Microsoft Defender's Network Inspection Service.

A hidden GuestUser profile appeared on the system. Neither Sophos nor Windows Defender flagged anything.
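Because neither antivirus product raised an alert, the host changes described above have to be caught from event logs. The sketch below is an added example, not code from Quantstamp or Humanity Protocol: it triages normalized Windows events for a new local account, a Network Inspection Service binary running outside Defender's own directories, and the Terminal Services DLL being repointed the way RDP Wrapper does it. The event field names, the sample events and the assumption that the disguised files reused the `NisSrv.exe` name are constructed for illustration.

```python
import ntpath

# Directories that hold the genuine Defender Network Inspection Service binary.
DEFENDER_DIRS = (
    "c:\\program files\\windows defender\\",
    "c:\\programdata\\microsoft\\windows defender\\platform\\",
)
TERMSERVICE_DLL_KEY = r"services\termservice\parameters\servicedll"
HIDDEN_USER_KEY = r"winlogon\specialaccounts\userlist"

def triage(event):
    """Return findings for one normalized event (field names are hypothetical)."""
    findings = []
    eid = event.get("event_id")
    if eid == 4720:  # Security log: a user account was created
        findings.append(f"local account created: {event['target_user']}")
    elif eid == 4688:  # Security log: a new process was created
        image = event["image"].lower()
        if ntpath.basename(image) == "nissrv.exe" and not image.startswith(DEFENDER_DIRS):
            findings.append(f"NisSrv.exe outside Defender directories: {event['image']}")
    elif eid == 13:  # Sysmon: registry value set
        key = event["target_object"].lower()
        value = event["details"].lower()
        # RDP Wrapper repoints TermService from termsrv.dll to its own DLL.
        if key.endswith(TERMSERVICE_DLL_KEY) and not value.endswith(r"\system32\termsrv.dll"):
            findings.append(f"TermService ServiceDll replaced: {event['details']}")
        # Values under this key hide an account from the logon screen.
        if HIDDEN_USER_KEY in key:
            findings.append(f"account hidden from logon screen: {event['target_object']}")
    return findings

# Constructed sample events, not taken from the Quantstamp report.
SAMPLE_EVENTS = [
    {"event_id": 4688,
     "image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.0.0-0\NisSrv.exe"},
    {"event_id": 4688, "image": r"C:\Users\Public\NisSrv.exe"},
    {"event_id": 13,
     "target_object": r"HKLM\System\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
     "details": r"%ProgramFiles%\RDP Wrapper\rdpwrap.dll"},
    {"event_id": 4720, "target_user": "GuestUser"},
    {"event_id": 13,
     "target_object": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\GuestUser",
     "details": "DWORD (0x00000000)"},
]

def run(events=SAMPLE_EVENTS):
    return [finding for event in events for finding in triage(event)]

if __name__ == "__main__":
    for finding in run():
        print(finding)
```

Event 4688 only appears when process-creation auditing is enabled, and event 13 requires Sysmon with registry monitoring configured for these keys.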

With complete access to Chong's machine, the attacker copied his MetaMask wallet data, its Chrome extension encryption key, and every private key stored on the device.

Humanity Token Price Today: Current Level After 89% Crash

On June 8, 2026, the attacker used the stolen keys across both chains over roughly eight hours. Here is what happened:

  • On Ethereum, using Chong's stolen account key, the attacker replaced a Hyperlane warp-route proxy and moved approximately 141.18 million $H tokens to an attacker-controlled address

  • On BSC, using three stolen Safe signer keys, the attacker seized a ProxyAdmin contract and minted around 100 million new $H tokens to a fresh wallet

  • All stolen $H was then dumped on Uniswap and PancakeSwap for ETH and BNB

Following this Humanity Protocol news, the H token price collapsed by about 89% on the open market, wiping out liquidity providers and remaining holders almost instantly. 

Source: CoinMarketCap Official

As of today, $H is trading at around $0.2058, down 23.4%. Trading volume also dropped 26% to $75.3M.

Humanity Protocol Hack Recovery: Where Things Stand Right Now 

Quantstamp's report remains preliminary as of June 11, 2026. Tracing of BSC proceeds and the full downstream wallet network is still active.

The $H crypto token hack recovery timeline is unclear. If the DPRK attribution holds, recovering funds becomes significantly harder: North Korean cybercrime groups have historically moved stolen crypto through mixers and cross-chain bridges within days.

What this Humanity Protocol hack news makes undeniable is the risk of concentrating critical private keys on a single internet-connected device. One phishing email, three days of silent access, and eight hours of execution drained an entire protocol. The full investigation update is expected as Quantstamp continues its on-chain tracing.
