Dernière minute
TRNATO Genel Sekreteri Rutte, Ankara'daBRJustiça determina remoção de 13 postes instalados em dunas na Praia do Campeche, em FlorianópolisBRDois jovens morrem e um é baleado após ataque a tiros em bar de Jaguaré; suspeito é presoPLTragiczny wypadek w Postolinie: 4 osoby zginęły, w tym 12-latkaCN保时捷或将再裁员4000人,管理和行政岗位受影响尤为严重BRProfessor de jiu-jítsu é preso por crimes sexuais no AmazonasTRCumhurbaşkanlığı İletişim Başkanı Duran'dan Trump'ın Türkiye ziyaretine ilişkin açıklamaDEMillionen Iraner folgen Trauerprozession für getöteten Ajatollah ChameneiRUШесть человек, включая двух детей, ранены при атаке дрона ВСУ на автобус в Белгородской областиFRCédric Jubillar, Anastasia Berezovska, Hamza F. : les faits divers marquants de la semaineTRNATO Genel Sekreteri Rutte, Ankara'daBRJustiça determina remoção de 13 postes instalados em dunas na Praia do Campeche, em FlorianópolisBRDois jovens morrem e um é baleado após ataque a tiros em bar de Jaguaré; suspeito é presoPLTragiczny wypadek w Postolinie: 4 osoby zginęły, w tym 12-latkaCN保时捷或将再裁员4000人,管理和行政岗位受影响尤为严重BRProfessor de jiu-jítsu é preso por crimes sexuais no AmazonasTRCumhurbaşkanlığı İletişim Başkanı Duran'dan Trump'ın Türkiye ziyaretine ilişkin açıklamaDEMillionen Iraner folgen Trauerprozession für getöteten Ajatollah ChameneiRUШесть человек, включая двух детей, ранены при атаке дрона ВСУ на автобус в Белгородской областиFRCédric Jubillar, Anastasia Berezovska, Hamza F. : les faits divers marquants de la semaine
Newsgather
BackNorth Korea-Linked Hackers Suspected in Humanity Protocol's $36M Token Theft
North Korea-Linked Hackers Suspected in Humanity Protocol's $36M Token Theft
En développement
Cointelegraph14.06.2026Crime2 dk okuma

North Korea-Linked Hackers Suspected in Humanity Protocol's $36M Token Theft

L'essentiel

  • Blockchain security firm Quantstamp suspects North Korea-linked actors in the recent $36 million token theft from Humanity Protocol.
  • A phishing email with a malicious attachment, disguised as a Bithumb update and signed with a South Korean digital certificate, led to malware installation and theft of tokens.

Résumé généré par IA

Pourquoi c'est important

Humanity Protocol, a decentralized identity company, suffered a $36 million token theft on Monday. Blockchain security firm Quantstamp suspects North Korea-linked threat actors were involved, citing a phishing email and malware signed with a South Korean digital certificate.

Taille de police

A malicious attachment delivered through a phishing email points to the involvement of North Korea-linked threat actors in Humanity Protocol's recent hack, according to blockchain security company Quantstamp.

The decentralized identity company said a compromised employee's laptop enabled attackers to steal $36 million in Humanity (H) tokens on Monday.

The malicious attachment was disguised as a token lockup schedule update from South Korean cryptocurrency exchange Bithumb. It installed malware that gave attackers full remote access to the laptop, Quantstamp said in its incident response.

The phishing email that led to the Humanity Protocol compromise. Source: Quantstamp

Quantstamp added that the malware was signed with a South Korean Hancom digital certificate, a pattern it described as “characteristic of DPRK intrusions.” The malware enabled attackers to copy Humanity Protocol director Chong Yee Wai's MetaMask wallet credentials and private keys.

The suspected North Korean link would add to a series of major crypto thefts attributed to the country. North Korea-linked threat actors were tied to at least $578 million of the $634 million stolen in crypto-related incidents in April.

North Korean hackers tied to some of the largest crypto hacks

According to a May report by blockchain security company CertiK, the same actors have been linked to about $2 billion of the $3.4 billion lost to crypto exploits in 2025, while accounting for 12% of total incidents. CertiK said the figures reflect a focus on “precision and scale.”

Over the past decade, North Korea-linked actors stole an estimated $6.75 billion in cryptocurrency across 263 documented incidents, the report said.

Related: CZ sounds alarm as ‘SEAL’ team uncovers 60 fake IT workers linked to North Korea

CertiK added that North Korea has “industrialized” crypto theft into a core state revenue mechanism, making these operations a substantial share of the regime’s external income.

Total DPRK crypto theft over the years. Source: CertiK/Skynet

North Korea rarely responds to cybercrime allegations, but on May 3, a Foreign Ministry spokesperson rejected them in a statement carried by the Korean Central News Agency, the country's state media.

The spokesperson accused the US of spreading “incorrect” narratives about the “non-existent ‘cyber threat’” from North Korea.

À surveiller

Perspective IA — des possibilités, pas des certitudes

  • Further investigations into North Korean cybercrime operations and their funding mechanisms.

    Probable · En quelques mois

Questions ouvertes

  • How was the employee's laptop compromised?
  • What specific measures are being taken to recover the stolen tokens?
  • Will South Korea officially respond to the use of its digital certificates in cyberattacks?

Sujets liés

This article was originally published by Cointelegraph.

Articles liés

Belgian Authorities Arrest Suspect in Major European Phishing and Money Laundering Network
En développement·2 g önce

Belgian Authorities Arrest Suspect in Major European Phishing and Money Laundering Network

Belgian police arrested a 19-year-old suspected of leading a phishing and money-laundering network that stole over €500,000 using fake government emails. The suspect was found in an Airbnb in Antwerp, where a second individual was also apprehended. The investigation highlights crypto's role in laundering illicit funds and the broader threat of phishing to crypto investors.

Cointelegraph
Teenager Extradited to US Over Alleged Role in $8 Million Crypto Ransom Scheme
En développement·3 g önce

Teenager Extradited to US Over Alleged Role in $8 Million Crypto Ransom Scheme

A 19-year-old dual US-Estonian national, Peter Stokes, has been extradited to the US from Finland to face charges related to an $8 million crypto ransom demand against a luxury jewelry retailer. Authorities allege Stokes, linked to the "Scattered Spider" hacking group, compromised company systems and demanded payment, though the retailer did not pay but incurred $2 million in damages.

Cointelegraph
Plus sur ce sujetHumanity Protocol