Humility Protocol Suffers $36M Theft via Bridge Exploits

Chaincatcher
Summary

Humility Protocol reported a $36 million bridge exploit after an employee’s machine was compromised, exposing private keys for the Hyperlane Bridge ProxyAdmin multisig wallet. Attackers gained control of 3 out of 6 Ethereum Safe signers and 3 out of 5 BSC signers, transferring ownership and deploying malicious contracts. On Ethereum, 141.2 million H tokens were drained in a single transaction, while 200 million were minted on BSC. The incident underscores vulnerabilities in cross-chain systems, even those built on Proof of Work (PoW) networks. Deposits and withdrawals have been paused, and authorities are involved in recovery efforts.

ChainCatcher report: Humility Protocol has issued a security incident update on X, stating that yesterday, H tokens on the Ethereum and BSC chains suffered a coordinated attack, with over $36 million in assets confirmed stolen and sold. Preliminary investigations indicate that the incident originated from a compromised employee computer, resulting in the exposure of private keys for the multisignature wallet controlling the Hyperlane Bridge ProxyAdmin.

The attackers gained access to three of the six signers' private keys for the Gnosis Safe on Ethereum, transferred ownership of the ProxyAdmin to a wallet under their control, and upgraded the bridge contract to a malicious implementation, subsequently transferring approximately 141.2 million H tokens in a single transaction. Meanwhile, the attackers also gained control of three of the five signers' private keys for the Safe wallet on BSC, took over the ProxyAdmin in the same manner, and deployed a malicious contract with infinite minting capabilities, minting 200 million H tokens in two separate transactions to their own wallet.

Humility has suspended all deposits and withdrawals for the affected bridge services and is collaborating with exchanges and other partners to minimize losses. The team is also cooperating with law enforcement on the investigation and attempting to recover some of the stolen funds.
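The sequence reported above (ProxyAdmin ownership moved to a new wallet, then the bridge proxy pointed at a new implementation) leaves two on-chain events that a bridge operator can alert on. The following check is an added example, not code from Humility or Hyperlane; it assumes OpenZeppelin-style `OwnershipTransferred` and ERC-1967 `Upgraded` events, and every address and log record in it is a constructed placeholder.

```python
# Added example: flag a ProxyAdmin owner change followed by an unapproved upgrade.
# topic0 values of the standard OpenZeppelin Ownable and ERC-1967 events.
OWNERSHIP_TRANSFERRED = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0"
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

# Constructed placeholder addresses (assumptions, not values from the incident).
PROXY_ADMIN, BRIDGE_PROXY = "0x" + "aa" * 20, "0x" + "bb" * 20
TEAM_SAFE, GOOD_IMPL = "0x" + "51" * 20, "0x" + "c1" * 20
UNKNOWN_EOA, UNKNOWN_IMPL = "0x" + "e0" * 20, "0x" + "ee" * 20

def pad(addr):
    """Encode an address as a 32-byte indexed topic."""
    return "0x" + "00" * 12 + addr[2:]

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def scan(logs, proxy_admin, proxy, allowed_owners, allowed_impls):
    """Return (severity, rule, address, block) alerts in chain order."""
    alerts, owner_alert_seen = [], False
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        addr, topics = log["address"].lower(), log["topics"]
        if not topics:
            continue  # anonymous event, nothing to match on
        if addr == proxy_admin and topics[0] == OWNERSHIP_TRANSFERRED:
            new_owner = topic_to_address(topics[2])
            if new_owner not in allowed_owners:
                owner_alert_seen = True
                alerts.append(("HIGH", "proxyadmin-owner-changed", new_owner, log["blockNumber"]))
        elif addr == proxy and topics[0] == UPGRADED:
            impl = topic_to_address(topics[1])
            if impl not in allowed_impls:
                # An unapproved upgrade after an owner change is the full sequence.
                sev = "CRITICAL" if owner_alert_seen else "HIGH"
                alerts.append((sev, "unapproved-implementation", impl, log["blockNumber"]))
    return alerts

# Constructed logs in eth_getLogs shape (blockNumber/logIndex already ints),
# deliberately out of order to show that scan() sorts them.
SAMPLE_LOGS = [
    {"address": BRIDGE_PROXY, "blockNumber": 100, "logIndex": 0,
     "topics": [UPGRADED, pad(GOOD_IMPL)]},
    {"address": BRIDGE_PROXY, "blockNumber": 205, "logIndex": 3,
     "topics": [UPGRADED, pad(UNKNOWN_IMPL)]},
    {"address": PROXY_ADMIN, "blockNumber": 204, "logIndex": 1,
     "topics": [OWNERSHIP_TRANSFERRED, pad(TEAM_SAFE), pad(UNKNOWN_EOA)]},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS, PROXY_ADMIN, BRIDGE_PROXY, {TEAM_SAFE}, {GOOD_IMPL}):
        print(alert)
```

Because the drain and mint followed the upgrade almost immediately, an alert of this kind is most useful when it is wired to an automatic pause or paired with a timelock on ProxyAdmin actions.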
