Nexo Earn with Nexo
Quantstamp links June 8 H token breach to North Korean hackers

Quantstamp links June 8 H token breach to North Korean hackers

Humanity Protocol lost an estimated $32-$36 million after malware on a developer's laptop exposed private keys, draining 141 million H tokens across Ethereum and BNB Chain

Share

Add us on Google
by Editorial Team

A single compromised laptop cost Humanity Protocol somewhere between $32 million and $36 million. On June 8, attackers drained roughly 141 million H tokens from the project’s Ethereum bridge in one transaction, then minted additional tokens on BNB Smart Chain for good measure.

Blockchain security firm Quantstamp has linked the breach to hackers with ties to North Korea, adding Humanity Protocol to the growing list of crypto projects allegedly targeted by state-sponsored actors in 2026.

How a developer’s laptop became a $36 million liability

Malware installed on a developer’s laptop compromised private keys that had been backed up on the infected machine. Those keys controlled multiple production systems, giving attackers the ability to move tokens at will.

Advertisement

Approximately 141 million H tokens were siphoned from the Ethereum bridge in a single transaction. On BNB Smart Chain, the hackers minted additional H tokens, converting most of the proceeds into ETH.

Humanity Protocol has emphasized that its smart contract infrastructure wasn’t breached. The vulnerability was purely operational, a failure of key management and device security rather than a flaw in the underlying code.

The market reaction was brutal

The H token’s price collapsed by 80% to 90% in the immediate aftermath of the breach becoming public.

On-chain investigators, including Lookonchain and the pseudonymous blockchain sleuth ZachXBT, published their own analyses of the breach. Their findings confirmed the malware-induced private key compromise as the root cause, though the degree to which state-sponsored actors were definitively involved remained a point of discussion among independent researchers.

Quantstamp’s attribution to North Korean hackers places this incident within a broader pattern. North Korea-linked groups have been responsible for some of the largest crypto heists in history, and 2026 has seen a continuation of that trend with attacks targeting projects like KelpDAO.

Private keys remain crypto’s weakest link

For a project focused specifically on identity and privacy, which is Humanity Protocol’s entire thesis, the irony is difficult to ignore. A protocol designed to secure human identity was undone by basic operational security failures on a single device.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
MARKETS

Quantstamp links June 8 H token breach to North Korean hackers

Quantstamp links June 8 H token breach to North Korean hackers

Humanity Protocol lost an estimated $32-$36 million after malware on a developer's laptop exposed private keys, draining 141 million H tokens across Ethereum and BNB Chain

by Editorial Team

Share

Add us on Google

A single compromised laptop cost Humanity Protocol somewhere between $32 million and $36 million. On June 8, attackers drained roughly 141 million H tokens from the project’s Ethereum bridge in one transaction, then minted additional tokens on BNB Smart Chain for good measure.

Blockchain security firm Quantstamp has linked the breach to hackers with ties to North Korea, adding Humanity Protocol to the growing list of crypto projects allegedly targeted by state-sponsored actors in 2026.

How a developer’s laptop became a $36 million liability

Malware installed on a developer’s laptop compromised private keys that had been backed up on the infected machine. Those keys controlled multiple production systems, giving attackers the ability to move tokens at will.

Advertisement

Approximately 141 million H tokens were siphoned from the Ethereum bridge in a single transaction. On BNB Smart Chain, the hackers minted additional H tokens, converting most of the proceeds into ETH.

Humanity Protocol has emphasized that its smart contract infrastructure wasn’t breached. The vulnerability was purely operational, a failure of key management and device security rather than a flaw in the underlying code.

The market reaction was brutal

The H token’s price collapsed by 80% to 90% in the immediate aftermath of the breach becoming public.

On-chain investigators, including Lookonchain and the pseudonymous blockchain sleuth ZachXBT, published their own analyses of the breach. Their findings confirmed the malware-induced private key compromise as the root cause, though the degree to which state-sponsored actors were definitively involved remained a point of discussion among independent researchers.

Quantstamp’s attribution to North Korean hackers places this incident within a broader pattern. North Korea-linked groups have been responsible for some of the largest crypto heists in history, and 2026 has seen a continuation of that trend with attacks targeting projects like KelpDAO.

Private keys remain crypto’s weakest link

For a project focused specifically on identity and privacy, which is Humanity Protocol’s entire thesis, the irony is difficult to ignore. A protocol designed to secure human identity was undone by basic operational security failures on a single device.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.