Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports

A single phishing email pretending to be from South Korean exchange Bithumb cost Humanity Protocol $36 million. Blockchain security firm Quantstamp traced the malware used in the attack to North Korean threat actors, adding yet another entry to Pyongyang’s growing resume of crypto heists in 2026.

The breach drained approximately 141 million H tokens from an Ethereum bridge contract, with attackers also minting additional tokens on the BNB Smart Chain. The result was a near-total collapse of confidence in the token, which cratered by 80-90% within hours as stolen assets were dumped across decentralized exchanges.

How a fake email became a $36M problem

The attack started on June 5, three days before the exploit itself was executed on June 8. The entry point was a phishing email designed to look like it came from Bithumb, one of South Korea’s largest crypto exchanges.

That email carried malware. When a Humanity Protocol director opened it, the malicious software compromised their device and gave attackers access to seven private keys stored on a developer’s machine.