$36 Million Hack: Humanity Protocol Targeted by North Korean Hackers According to Quantstamp
Quantstamp links the $36M Humanity Protocol hack to North Korean state actors. A spear phishing email impersonating Bithumb was the entry point.
A $36 million theft from Humanity Protocol. A trail leading back to Pyongyang. And a devastatingly effective social engineering technique that successfully deceived the project’s team.
Blockchain security audit firm Quantstamp has just published an analysis pointing to North Korean state actors as the perpetrators of one of the most significant crypto attacks in recent weeks. The details of the operation reveal a level of sophistication that goes far beyond a simple technical exploit.
Here is everything we know about this attack, how it was carried out, and what it tells us about the evolving threats facing the Web3 ecosystem.
According to Quantstamp's analysis, the attack's entry point was a fraudulent email impersonating Bithumb, one of South Korea's largest cryptocurrency exchanges. This targeted spear phishing lure led a member of the Humanity Protocol team to act on it, and the compromise of that one person gave the attackers the foothold they needed to reach the project's funds.
Impersonating well-known exchanges is a recurring signature of hacker groups affiliated with North Korea, most notably the infamous Lazarus Group. These actors are not solely looking to exploit code vulnerabilities — they target people, who are often the weakest link in any security infrastructure. Using a Korean entity that is well recognized within the Asian crypto sector significantly increases the credibility of the lure for the teams being targeted.
This type of hybrid attack — combining social engineering with technical exploitation — has become the standard playbook for North Korean state-sponsored groups, which are estimated to have stolen several billion dollars in cryptocurrency over recent years, according to assessments from the UN and Chainalysis.
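The lure described above succeeds because a mailbox treats "bithumb.com", "bithumb.co", "bithumb-listing.com" and a domain spelled with a Cyrillic letter as equally plausible senders. The Go program below is an added example written for this page, not tooling from Quantstamp, Bithumb or Humanity Protocol: a triage check a team mailbox or ticketing bot could run over inbound partner mail. It assumes bithumb.com is the exchange's real domain, uses a constructed one-entry allowlist and constructed header samples, and flags the three signals a spoofed-exchange lure usually carries: a Reply-To pointing away from the trusted domain, a sender domain within a couple of edits of a trusted one, and confusable characters in the domain.

```go
package main

import "fmt"
import "strings"

// Constructed allowlist of partner domains the team really corresponds with;
// bithumb.com is assumed here to be the exchange's real domain.
var trustedDomains = []string{"bithumb.com"}

// Cyrillic letters that render like Latin ones, folded to ASCII so a domain
// such as "bіthumb.com" (Cyrillic і) is flagged rather than treated as new.
var confusables = map[rune]rune{'а': 'a', 'е': 'e', 'о': 'o', 'р': 'p', 'с': 'c', 'х': 'x', 'у': 'y', 'і': 'i', 'ѕ': 's', 'ј': 'j'}

type Verdict struct {
	Level  string // "trusted", "suspicious" or "unknown"
	Reason string
}

// domainOf returns the lowercased domain of `"Name" <user@host>` or `user@host`.
func domainOf(header string) (string, error) {
	addr := strings.TrimSpace(header)
	if lt, gt := strings.LastIndex(addr, "<"), strings.LastIndex(addr, ">"); lt >= 0 && gt > lt {
		addr = addr[lt+1 : gt]
	}
	at := strings.LastIndex(addr, "@")
	if at < 0 || at == len(addr)-1 {
		return "", fmt.Errorf("no domain in %q", header)
	}
	return strings.ToLower(addr[at+1:]), nil
}

// levenshtein is the edit distance between two strings, counted in runes.
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev, cur := make([]int, len(rb)+1), make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			best := prev[j-1] // substitution, free when the runes match
			if ra[i-1] != rb[j-1] {
				best++
			}
			if prev[j]+1 < best { // deletion
				best = prev[j] + 1
			}
			if cur[j-1]+1 < best { // insertion
				best = cur[j-1] + 1
			}
			cur[j] = best
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

// AssessSender classifies a message from its From and Reply-To header values.
func AssessSender(from, replyTo string) Verdict {
	fromDom, err := domainOf(from)
	if err != nil {
		return Verdict{"suspicious", "unparseable From: " + err.Error()}
	}
	folded := strings.Map(func(r rune) rune {
		if m, ok := confusables[r]; ok {
			return m
		}
		return r
	}, fromDom)
	if folded != fromDom {
		return Verdict{"suspicious", fmt.Sprintf("From domain %q uses confusable characters (reads as %q)", fromDom, folded)}
	}
	for _, t := range trustedDomains {
		if fromDom != t {
			continue
		}
		if rd, err := domainOf(replyTo); replyTo != "" && (err != nil || rd != fromDom) {
			return Verdict{"suspicious", fmt.Sprintf("Reply-To %q points away from trusted From domain %q", replyTo, fromDom)}
		}
		return Verdict{"trusted", "From domain is allowlisted and Reply-To agrees"}
	}
	for _, t := range trustedDomains {
		if d := levenshtein(fromDom, t); d <= 2 {
			return Verdict{"suspicious", fmt.Sprintf("From domain %q is %d edit(s) away from trusted %q", fromDom, d, t)}
		}
		if brand := strings.SplitN(t, ".", 2)[0]; strings.Contains(fromDom, brand) {
			return Verdict{"suspicious", fmt.Sprintf("untrusted From domain %q embeds the brand %q", fromDom, brand)}
		}
	}
	return Verdict{"unknown", "From domain is not a known partner; confirm out of band"}
}

func main() {
	// Constructed header samples; none are real messages.
	for _, s := range [][2]string{
		{`"Bithumb Listing" <listing@bithumb.com>`, ""},
		{`"Bithumb Listing" <listing@bithumb.com>`, `<desk@bithumb-listing.com>`},
		{`"Bithumb Support" <support@bithumb.co>`, ""},
		{`"Bithumb" <team@bіthumb.com>`, ""}, // Cyrillic і in the domain
		{`partner@bithumb-listing.com`, ""},
		{`dev@example.org`, ""},
	} {
		v := AssessSender(s[0], s[1])
		fmt.Printf("%-10s %s\n", v.Level, v.Reason)
	}
}
```

Two caveats a practitioner will want stated. First, this only catches lookalikes: an exact forgery of the From address is caught by the receiving MTA's SPF, DKIM and DMARC verdict, which should feed into the same rule, and the Reply-To mismatch check exists because a forged From still needs replies routed somewhere the attacker controls. Second, "trusted" means only that the domain matches; a listing or partnership request that arrives this way still gets confirmed over a channel the team already has with the exchange, never through the links or attachments in the message.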

Humanity Protocol is a blockchain project focused on decentralized identity verification, including through palm recognition technology. Backed by prominent investors and having raised significant funding, the project represented a high-value target for threat actors looking to maximize their return per attack.
The loss of $36 million is a serious blow to the project’s ecosystem, but also to user confidence in decentralized identity protocols. In a sector where the core promise is precisely the security and sovereignty of personal data, a breach of this scale sends an alarming signal to investors and institutional partners alike.
Quantstamp, brought in to conduct a post-mortem analysis of the incident, emphasizes that the compromise did not occur through a vulnerability in the protocol's smart contracts, but through an attack on the team's human and operational infrastructure. This detail is critical: a smart contract audit verifies what the code does when it is called by an authorized key; it says nothing about how that key is stored or who can be tricked into using it. Once a privileged private key is stolen via phishing, audited and secured code will execute the attacker's transactions exactly as designed.
The Humanity Protocol case is part of a broader and deeply concerning trend. According to Chainalysis data, North Korean hackers are estimated to have stolen more than $1.3 billion in cryptocurrency in 2024 alone, making the DPRK the most active and most dangerous malicious actor in the global blockchain space.
The methods are constantly evolving: fake LinkedIn recruiters, spoofed exchange emails, malware disguised as software updates. Crypto teams, which are often small and under-resourced when it comes to cybersecurity, make for particularly attractive targets. Quantstamp recommends that projects strengthen their internal authentication protocols, train their teams to recognize phishing attempts, and adopt multi-signature architectures to limit fund exposure in the event that a single actor is compromised.
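The multi-signature recommendation above is easier to reason about with a concrete model. The Go program below is an added example written for this page, not Humanity Protocol's treasury setup and not Quantstamp's code: a 2-of-3 threshold over Ed25519 keys, enforced off-chain (an on-chain multisig contract enforces the same rule in its own language). It assumes constructed keys, placeholder addresses, abstract amounts and a per-transfer nonce, and walks through the four cases that matter after one key has been phished: the stolen key alone, the stolen key submitted twice, two honest signers, and a replay of an already executed transfer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Transfer is what the signers approve. Fields are constructed placeholders;
// amounts are abstract units and the nonce makes each approval single-use.
type Transfer struct {
	To     string
	Amount uint64
	Nonce  uint64
}

// Bytes is the canonical message every signer signs.
func (t Transfer) Bytes() []byte {
	buf := make([]byte, 16, 16+len(t.To))
	binary.BigEndian.PutUint64(buf[:8], t.Amount)
	binary.BigEndian.PutUint64(buf[8:], t.Nonce)
	return append(buf, t.To...)
}

// Approval is one signer's signature over a Transfer.
type Approval struct {
	Signer int // index into Policy.Signers
	Sig    []byte
}

func Approve(priv ed25519.PrivateKey, signer int, t Transfer) Approval {
	return Approval{Signer: signer, Sig: ed25519.Sign(priv, t.Bytes())}
}

// Policy releases a Transfer only with Threshold distinct valid signatures.
type Policy struct {
	Threshold int
	Signers   []ed25519.PublicKey
	executed  map[uint64]bool // nonces already spent
}

func NewPolicy(threshold int, signers []ed25519.PublicKey) (*Policy, error) {
	if threshold < 1 || threshold > len(signers) {
		return nil, fmt.Errorf("threshold %d not in 1..%d", threshold, len(signers))
	}
	return &Policy{Threshold: threshold, Signers: signers, executed: map[uint64]bool{}}, nil
}

// Execute verifies the approvals and marks the nonce spent on success.
func (p *Policy) Execute(t Transfer, approvals []Approval) error {
	if p.executed[t.Nonce] {
		return fmt.Errorf("nonce %d already executed (replay)", t.Nonce)
	}
	msg, seen := t.Bytes(), map[int]bool{}
	for _, a := range approvals {
		if a.Signer < 0 || a.Signer >= len(p.Signers) {
			return fmt.Errorf("unknown signer index %d", a.Signer)
		}
		if seen[a.Signer] {
			continue // one key cannot vote twice, however many times it signs
		}
		if !ed25519.Verify(p.Signers[a.Signer], msg, a.Sig) {
			return fmt.Errorf("invalid signature from signer %d", a.Signer)
		}
		seen[a.Signer] = true
	}
	if len(seen) < p.Threshold {
		return fmt.Errorf("%d valid approval(s), policy needs %d", len(seen), p.Threshold)
	}
	p.executed[t.Nonce] = true
	return nil
}

// Outcome records how a 2-of-3 policy handles each case after signer 0 is phished.
type Outcome struct {
	PhishedKeyAlone  error // attacker holds signer 0 only
	PhishedKeyTwice  error // attacker submits signer 0's approval twice
	TwoHonestSigners error // signers 1 and 2 approve a legitimate transfer
	Replay           error // the same approved transfer is resubmitted
}

func Scenario() (Outcome, error) {
	var pubs []ed25519.PublicKey
	var privs []ed25519.PrivateKey
	for i := 0; i < 3; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return Outcome{}, err
		}
		pubs, privs = append(pubs, pub), append(privs, priv)
	}
	policy, err := NewPolicy(2, pubs)
	if err != nil {
		return Outcome{}, err
	}
	// Constructed transfers; the addresses are placeholders, not real accounts.
	drain := Transfer{To: "attacker-address-placeholder", Amount: 36_000_000, Nonce: 1}
	payroll := Transfer{To: "contractor-address-placeholder", Amount: 50_000, Nonce: 2}
	stolen := Approve(privs[0], 0, drain)
	honest := []Approval{Approve(privs[1], 1, payroll), Approve(privs[2], 2, payroll)}
	var o Outcome
	o.PhishedKeyAlone = policy.Execute(drain, []Approval{stolen})
	o.PhishedKeyTwice = policy.Execute(drain, []Approval{stolen, stolen})
	o.TwoHonestSigners = policy.Execute(payroll, honest)
	o.Replay = policy.Execute(payroll, honest)
	return o, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("phished key alone: %v\nphished key twice: %v\ntwo honest signers: %v\nreplay: %v\n",
		o.PhishedKeyAlone, o.PhishedKeyTwice, o.TwoHonestSigners, o.Replay)
}
```

The two details worth carrying into any real deployment are the `seen` map and the nonce. Without deduplication by signer, an attacker holding one key could reach the threshold by submitting the same approval twice; without a spent-nonce record, a transfer the honest signers approved once could be replayed. The model also shows what multisig does not do: if two of the three signers receive the same lure and both sign the attacker's transfer, the policy is satisfied, which is why the threshold only helps when signers are independent people on independent devices who verify the destination out of band.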
For the industry as a whole, this incident is a stark reminder that security in Web3 cannot be reduced to smart contract audits alone. The human attack surface remains the most exploited — and the hardest to patch.
Passionate about the crypto world, he explores the blockchain ecosystem to extract the most essential insights. With his expertise in SEO and web writing, he transforms news and technical analysis into clear, engaging, and impactful content. His goal? To help investors better understand the opportunities and challenges of the crypto market.
DISCLAIMER
This article is for informational purposes only and should not be considered as investment advice. Trading cryptocurrencies involves risks, and it is important not to invest more than you can afford to lose.
InvestX is not responsible for the quality of the products or services presented on this page and cannot be held liable, directly or indirectly, for any damage or loss caused by the use of any product or service featured in this article. Investments in crypto assets are inherently risky; readers should conduct their own research before taking any action and invest only within their financial means. This article does not constitute investment advice.
Risk Warning : Trading financial instruments and/or cryptocurrencies carries a high level of risk, including the possibility of losing all or part of your investment. It may not be suitable for all investors. Cryptocurrency prices are highly volatile and can be influenced by external factors such as financial, regulatory, or political events. Margin trading increases financial risks.
CFDs (Contracts for Difference) are complex instruments with a high risk of rapid capital loss due to leverage. Between 74% and 89% of retail investor accounts lose money when trading CFDs. You should assess whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.
Before engaging in financial or cryptocurrency trading, you must be fully informed about the associated risks and fees, carefully evaluate your investment objectives, level of experience, and risk tolerance, and seek professional advice if needed. InvestX.fr and the InvestX application may provide general market commentary, which does not constitute investment advice and should not be interpreted as such. Please consult an independent financial advisor for any investment-related questions. InvestX.fr disclaims any liability for errors, misinvestments, inaccuracies, or omissions and does not guarantee the accuracy or completeness of the information, texts, graphics, links, or other materials provided.
Some of the partners featured on this site may not be regulated in your country. It is your responsibility to verify the compliance of these services with local regulations before using them.