Home
News
Details

Humanity Protocol Traces $36M Hack to Malware on Developer Machine

iconNS3
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$1,679.340.79%
This is the logo of the coin.
BNB
$608.7490.39%
AI summary iconSummary

expand icon
Humanity Protocol released a protocol update tracing a $36 million hack to malware on a developer machine holding seven private key backups. The breach exposed admin and Safe owner keys on Ethereum and BNB Smart Chain, allowing the attacker to drain and mint H tokens. Bridge deposits and withdrawals were paused, and a $1 million USDT bounty was offered for on-chain news or leads on asset recovery.

Key Point

Humanity Protocol's forensic incident report traced its $36 million breach to one malware-infected developer machine that stored backups of seven private keys. The keys included the admin hot wallet key, three Ethereum Safe owner keys, and three BNB Smart Chain Safe owner keys. The attacker used the compromised keys to drain 6.04 million H from an Ethereum admin hot wallet, drain 141.18 million H through a malicious bridge upgrade, and mint 300 million H on BNB Smart Chain. Humanity Protocol said the BNB Smart Chain token contract remains under attacker control. Humanity Protocol halted bridge deposits and withdrawals and offered a $1 million USDT bounty for information leading to asset recovery.

Why it matters: Key compromise at an admin level can turn normal protocol permissions into direct loss channels and may weaken confidence in bridge security.

Market Sentiment

Bearish, Stress-on, Tech-driven, De-risking.

Reason: The $36 million breach came from seven compromised private keys, which points to severe operational security risk for the protocol.

Similar Past Cases

In 2022, Sky Mavis raised $150 million to reimburse users after the Ronin Bridge hack caused more than $600 million in losses. (Axios) The difference is that Ronin centered on user reimbursement after a bridge theft, while Humanity Protocol's report also describes ongoing attacker control of a token contract.

Ripple Effect

Admin key compromise can push users to reassess protocols that rely on concentrated signing authority. If bridge deposits and withdrawals remain halted, then liquidity stress may stay concentrated in H markets. If asset recovery advances, then confidence may improve first in the affected protocol before broader bridge sentiment changes.

Opportunities & Risks

Opportunities: If bridge deposits and withdrawals reopen, then restored access is a potential re-entry signal for traders already monitoring H. If recovered funds move toward H token buybacks, then the recovery mechanism may support sentiment.

Risks: If the BNB Smart Chain token contract remains under attacker control, then reducing exposure limits downside from further supply or control risk. If laundering continues without recovery, then H liquidity may remain fragile.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.