Web3

Humanity Protocol Overhauls Security After $36M Phishing Attack Traced to Employee Laptop

Humanity Protocol founder Terence Kwok says the project will rebuild its security architecture after a $36 million June exploit was traced to a phishing-compromised employee laptop that held admin hot wallet keys and multisig owner keys.

⏱ 2 min read Web3
Quick Summary
  • A phishing email disguised as a Bithumb token lockup update gave attackers remote access to an employee laptop holding admin hot wallet keys and multisig owner keys, enabling a $36 million exploit
  • Quantstamp linked the attack to North Korea-affiliated threat actors, consistent with $578 million attributed to such actors in April alone
  • CertiK data shows phishing and wallet compromises dominated H1 2026 losses totalling $1.32 billion, with founder Terence Kwok vowing to rebuild Humanity Protocol's security with operational controls at the core

Humanity Protocol founder Terence Kwok has pledged to overhaul the decentralized identity project’s cybersecurity posture following a June exploit that drained $36 million in Humanity (H) tokens from the platform, tracing the breach directly to a compromised employee laptop.

How the Breach Happened

In an interview, Kwok revealed that during last year’s mainnet launch, several production keys were inadvertently backed up onto the laptop that was later compromised. Those keys included admin hot wallet keys and a quorum of multisig owner keys across both chains. The result was a catastrophic point of failure that attackers were able to fully exploit. Reflecting on the incident, Kwok said:

‘The hard lesson here is that operational security is as critical as smart-contract security, and we are rebuilding accordingly.’

The stolen $36 million represented a significant share of the project’s value; the H token’s market capitalisation currently stands at approximately $211 million, according to CoinMarketCap data.

Blockchain security firm Quantstamp linked the attack to North Korea-affiliated threat actors. The initial intrusion vector was a phishing email carrying a malicious attachment disguised as a token lockup schedule update from South Korean cryptocurrency exchange Bithumb. Once opened, the attachment installed malware that granted attackers remote access to the machine.

Hackers Pivot From Code to People

The Humanity Protocol case reflects a broader shift in how sophisticated crypto attackers operate. Rather than hunting for smart contract bugs, adversaries are increasingly targeting staff-level weaknesses and operational shortcomings to gain access to high-value keys and credentials.

North Korea-linked actors were attributed to at least $578 million of the $634 million stolen across crypto-related incidents in April alone. During the second quarter of 2026, more than 70% of total losses stemmed from the Drift Protocol and KelpDAO exploits, both widely attributed to North Korean state-sponsored hackers.

Phishing and Wallet Compromises Dominated H1 2026

CertiK data for the first half of 2026 showed that phishing attacks drove the majority of first-quarter losses, totalling $508 million, while wallet compromises emerged as the dominant attack vector in the second quarter, contributing $807 million in losses.

Overall crypto hack losses fell 46.8% year-on-year to $1.32 billion in H1 2026, though CertiK cautioned that the decline is misleading, since the $1.4 billion Bybit hack in early 2025 inflated the prior-year comparison, and warned that North Korean actors remain an active and escalating threat.

Kwok’s acknowledgement that operational security failed alongside smart-contract security marks a significant inflection point for a project that positions itself as a decentralized identity solution. Humanity Protocol says it is now rebuilding its security architecture from the ground up with operational controls at the centre.

⚖️ Our Verdict ⚖️ Watch and Wait

The Humanity Protocol breach underscores a dangerous shift toward human-layer attacks in crypto, making operational security the next critical battleground for the industry.