{"id":30182,"date":"2026-06-14T15:03:24","date_gmt":"2026-06-14T14:03:24","guid":{"rendered":"https:\/\/investx.fr\/en\/2026\/06\/14\/humanity-protocol-hack-36-million-north-korea-quantstamp\/"},"modified":"2026-06-14T15:03:27","modified_gmt":"2026-06-14T14:03:27","slug":"humanity-protocol-hack-36-million-north-korea-quantstamp","status":"publish","type":"post","link":"https:\/\/investx.fr\/en\/crypto-news\/humanity-protocol-hack-36-million-north-korea-quantstamp\/","title":{"rendered":"$36 Million Hack: Humanity Protocol Targeted by North Korean Hackers According to Quantstamp"},"content":{"rendered":"\n
<p>A $36 million theft from Humanity Protocol. A trail leading back to Pyongyang. And a devastatingly effective social engineering technique that successfully deceived the project’s team.</p>

<p>Blockchain security audit firm Quantstamp has just published an analysis pointing to North Korean state actors as the perpetrators of one of the most significant crypto attacks in recent weeks. The details of the operation reveal a level of sophistication that goes far beyond a simple technical exploit.</p>

<p>Here is everything we know about this attack, how it was carried out, and what it tells us about the evolving threats facing the Web3 ecosystem.</p>

<h2>A Fake Bithumb Email at the Heart of the Attack</h2>

<p>According to Quantstamp’s analysis, the attack’s entry point was a fraudulent email impersonating Bithumb, one of South Korea’s largest cryptocurrency exchanges. This targeted spear phishing technique allowed the attackers to compromise a member of the Humanity Protocol team, effectively opening the door to the entire system.</p>

<p>Impersonating well-known exchanges is a recurring signature of hacker groups affiliated with North Korea, most notably the infamous Lazarus Group. These actors are not solely looking to exploit code vulnerabilities — they target people, who are often the weakest link in any security infrastructure. Using a Korean entity that is well recognized within the Asian crypto sector significantly increases the credibility of the lure for the teams being targeted.</p>

<p>This type of hybrid attack — combining social engineering with technical exploitation — has become the standard playbook for North Korean state-sponsored groups, which are estimated to have stolen several billion dollars in cryptocurrency over recent years, according to assessments from the UN and Chainalysis.</p>

<h2>Humanity Protocol: A High-Profile Project, a Prime Target</h2>

<p>Humanity Protocol is a blockchain project focused on decentralized identity verification, including through palm recognition technology. Backed by prominent investors and having raised significant funding, the project represented a high-value target for threat actors looking to maximize their return per attack.</p>

<p>The loss of $36 million is a serious blow to the project’s ecosystem, but also to user confidence in decentralized identity protocols. In a sector where the core promise is precisely the security and sovereignty of personal data, a breach of this scale sends an alarming signal to investors and institutional partners alike.</p>

<p>Quantstamp, brought in to conduct a post-mortem analysis of the incident, emphasizes that the compromise did not occur through a vulnerability in the protocol’s smart contracts, but rather through an attack on the team’s human and operational infrastructure. This detail is critical: even audited and secured code offers no protection against a private key stolen via phishing.</p>

<h2>The North Korean Threat: A Systemic Risk for Crypto</h2>

<p>The Humanity Protocol case is part of a broader and deeply concerning trend. According to Chainalysis data, North Korean hackers are estimated to have stolen more than $1.3 billion in cryptocurrency in 2024 alone, making the DPRK the most active and most dangerous malicious actor in the global blockchain space.</p>

<p>The methods are constantly evolving: fake LinkedIn recruiters, spoofed exchange emails, malware disguised as software updates. Crypto teams, which are often small and under-resourced when it comes to cybersecurity, make for particularly attractive targets. Quantstamp recommends that projects strengthen their internal authentication protocols, train their teams to recognize phishing attempts, and adopt multi-signature architectures to limit fund exposure in the event that a single actor is compromised.</p>

<p>For the industry as a whole, this incident is a stark reminder that security in Web3 cannot be reduced to smart contract audits alone. The human attack surface remains the most exploited — and the hardest to patch.</p>