Humanity Claims Laptop Hack Led to $36M H Token Exploit

Cointelegraph


Humanity Protocol says the compromise of an employee's laptop allowed attackers to seize control of its bridge, modify contracts, and steal more than $36 million in H tokens.

In an incident update on Tuesday, the protocol said Monday's attack affected the H token on Ethereum and the BNB chain. The team found that three of six Gnosis Safe owner keys were compromised, allowing attackers to control bridge management on both networks.

Once in control, the attackers changed the bridge protocols to various malicious versions, Humanity said. They spent about 141.2 million tokens on Ethereum. On BSC, they added a function that allowed them to create unlimited tokens, then deposited 200 million tokens directly into their own wallet.

Humanity founder Terence Kwok told Cointelegraph that the project had multi-signature controls spread over four individuals, but some keys were exposed during setup.

“Some of the keys that happened were accidentally backed up to a compromised device,” Kwok told Cointelegraph.

He said Humanity is a “licensed custodian for most of the token vault” and uses MPC for the vault's operations, but that “multi-sig keys for certain contracts were set up and scattered in one place,” adding that some keys were stored on a compromised device.

The incident shows how a compromised endpoint can become a protocol-level crisis when multiple authorities are concentrated behind a small number of keys. Humanity said it has stopped loading and unloading for the affected bridges and is working with exchanges and related parties to minimize damage and explore recovery options.
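The failure mode described above, signer keys that are nominally spread out but copied onto one device, can be checked from a key-custody inventory. The following is an added example, not code from Humanity Protocol or the original article; the inventory, its names and the threshold of 3 are assumptions (the article states only that three of six owner keys were compromised).

```python
from itertools import combinations

# Constructed inventory (hypothetical names): each Safe owner key mapped to
# every location holding a copy, including backups made during setup.
SAMPLE_INVENTORY = {
    "owner-1": {"hw-wallet-a"},
    "owner-2": {"hw-wallet-b", "laptop-x"},
    "owner-3": {"hw-wallet-c", "laptop-x"},
    "owner-4": {"hw-wallet-d", "laptop-x"},
    "owner-5": {"hw-wallet-e"},
    "owner-6": {"hw-wallet-f", "cloud-backup-1"},
}
ASSUMED_THRESHOLD = 3  # assumption: the article does not state the Safe threshold


def keys_exposed(inventory, locations):
    """Owner keys an attacker obtains by compromising the given locations."""
    locations = set(locations)
    return {key for key, places in inventory.items() if places & locations}


def smallest_breach(inventory, threshold):
    """Smallest set(s) of locations whose compromise yields >= threshold keys."""
    all_locations = sorted(set().union(*inventory.values()))
    for size in range(1, len(all_locations) + 1):
        hits = [combo for combo in combinations(all_locations, size)
                if len(keys_exposed(inventory, combo)) >= threshold]
        if hits:
            return size, hits
    return None, []  # threshold cannot be reached with the keys on record


def audit(inventory, threshold):
    """Summarise whether the signing threshold is real or only nominal."""
    size, hits = smallest_breach(inventory, threshold)
    return {
        "nominal_threshold": threshold,
        "effective_threshold": size,  # number of compromises actually needed
        "single_points_of_failure": [c[0] for c in hits] if size == 1 else [],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY, ASSUMED_THRESHOLD))
```

An effective threshold lower than the nominal one means the multi-signature policy is weaker than it looks on-chain, which is invisible to anyone inspecting only the Safe's owner list.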

Humanity Protocol's H token dropped by more than 85% after the project announced a private key compromise. At the time, Kwok warned users not to interact with the bridge or liquidity pools.

Source: Humanity Protocol

Security organizations investigate exploits

The incident prompted blockchain investigators to examine whether the attack was related to an external compromise or unusual token activity, as some community members pointed out.

Blockchain researcher ZachXBT initially questioned whether Humanity's market maker and over-the-counter (OTC) activity was linked to the exploit. However, after further analysis, it appears that the market maker and OTC activity is independent of the private key compromise.

Hakan Unal, who leads senior security operations at Cyvers, told Cointelegraph that the onchain pattern may look similar at first whether an event is a genuine compromise or a coordinated event, as the attacker holds legitimate administrative rights in both cases.

“What sets them apart is the character around them,” Unal said. “A real deal usually shows speed and progress: funds are thrown into hot wallets quickly, with bad exchange rates, no mixer usage and no internal time.”

On the other hand, Unal said, a structured event shows a suspicious period near the openings, a strong offer, orderly movement or income that ultimately shows group-related addresses or market makers.

“Currently, the evidence is mixed, which is why the question remains open,” he added.

Researcher suspects the Humanity incident was coordinated

Meanwhile, Elton Shehdula, head of research at Allium Labs, said the exploit's on-chain pattern indicates a planned and coordinated approach rather than a purely haphazard one.

Wallet Money and Timeline. Source: Allium Labs

Shehdula said that while the wallets' currency and mix had been collected weeks before, days before the attack, enforcement officials “got hot” and the dump happened on two chains at the same time.

He said the configuration and level of access was consistent with an “internal or external actor” who had been in possession of the compromised key for some time.
