Humanity Protocol Reveals $31 Million Theft Caused by Malware-Infected Developer Device

币界网

Humanity Protocol announced a $31 million theft on June 8, traced to a malware-infected developer device. Attackers exploited root access to steal seven private keys, including one admin hot wallet and six Safe owner keys on Ethereum and BNB Chain. The protocol update confirms the breach resulted from operational vulnerabilities, not smart contract flaws. On-chain reports highlight risks associated with key backups, endpoint security, and permission management. The incident demonstrates how legitimate private keys can bypass smart contract audits, prompting teams to strengthen infrastructure and key management practices.
CoinDesk reports:

Humanity Protocol disclosed that the approximately $31 million attack on June 8 was caused by a developer’s device being infected with malware. The attackers subsequently gained root access to the device and obtained seven private keys that were accidentally backed up locally during the mainnet launch.

Seven critical private keys involved

The project team stated that these private keys include one administrator hot wallet private key and six Safe owner private keys distributed across Ethereum and BNB Chain. The attacker did not exploit a code vulnerability but instead used valid private keys to authorize transactions and transfer assets.

Project says it was not a contract vulnerability

According to the disclosure, this incident does not involve exploitation of a smart contract vulnerability. The issue stemmed from operational and access control procedures, particularly regarding key backups, endpoint security, and permission management during the mainnet launch.

Operational security risks are escalating

Since attackers used legitimate private keys, this type of risk is typically difficult to detect in advance through contract audits. The incident has once again made private key management, development environment isolation, and infrastructure security key priorities for crypto projects.
