Humanity Protocol Hack 2026 — $36M Exploit Analysis

DPRK-linked attacker phished a director via email, installed remote-access malware, stole 7 multisig keys from one compromised laptop, seized ProxyAdmin on both chains, upgraded the bridge to a malicious contract, and drained 141M H on Ethereum and 122B+ H on BSC.

Details

Full Description

On June 9, 2026, a DPRK-linked attacker phished director Chong Yee Wai via an email impersonating a Korean exchange, installed remote-access malware (hncagent.exe signed with a Hancom certificate), and stole 7 multisig keys from one compromised laptop (3-of-6 ETH Safe, 3-of-5 BSC Safe). The attacker seized the ProxyAdmin on both chains, upgraded the bridge to a malicious contract, drained 141M H on Ethereum, and minted 122B+ H on BSC. The attacker sold the tokens on Uniswap and PancakeSwap, crashing the H price 89%. There was no timelock on the ProxyAdmin. Humanity Protocol was backed by Pantera and Jump Crypto.

Laundering Analysis

Drained H tokens sold on Uniswap (Ethereum) and PancakeSwap (BSC), crashing the H price 89%. No recovery reported at time of writing.

Sources

Transaction Hashes

Related Hacks

Back to Browse