Breaking
RUВ Киеве объявлена воздушная тревогаESEspaña empata con Portugal en octavos del Mundial 2026BRHomem condenado por pedofilia no Brasil é deportado dos EUABRApreensão de ouro e químicos em Raposa Serra do SolARترمب يبني مهبط مروحيات من الغرانيت في البيت الأبيض وسط جدل حول ثروتهBRPBH adia novamente revitalização da Praça do Papa em Belo HorizonteBRMPF abre investigação contra minerador por atividade potencialmente poluidoraINTLMicrosoft Sued Over Noise Pollution from Wisconsin Data CenterGLOBALFA Considers Appealing Jarell Quansah's Red Card After Balogun IncidentGLOBALMaine Senate Candidate Graham Platner Denies Sexual Assault Allegations, Takes Time to ReflectRUВ Киеве объявлена воздушная тревогаESEspaña empata con Portugal en octavos del Mundial 2026BRHomem condenado por pedofilia no Brasil é deportado dos EUABRApreensão de ouro e químicos em Raposa Serra do SolARترمب يبني مهبط مروحيات من الغرانيت في البيت الأبيض وسط جدل حول ثروتهBRPBH adia novamente revitalização da Praça do Papa em Belo HorizonteBRMPF abre investigação contra minerador por atividade potencialmente poluidoraINTLMicrosoft Sued Over Noise Pollution from Wisconsin Data CenterGLOBALFA Considers Appealing Jarell Quansah's Red Card After Balogun IncidentGLOBALMaine Senate Candidate Graham Platner Denies Sexual Assault Allegations, Takes Time to Reflect
Newsgather
BackNorth Korea-Linked Hackers Suspected in Humanity Protocol's $36 Million Token Theft
North Korea-Linked Hackers Suspected in Humanity Protocol's $36 Million Token Theft
Developing
Cointelegraph6/14/2026Crime2 min read

North Korea-Linked Hackers Suspected in Humanity Protocol's $36 Million Token Theft

Quick Look

  • Blockchain security firm Quantstamp suspects North Korea-linked hackers in the recent $36 million theft of Humanity Protocol tokens.
  • A phishing email with a malicious attachment, disguised as a Bithumb update and signed with a South Korean digital certificate, led to malware installation and theft of private keys.

AI-generated summary

Why It Matters

Humanity Protocol, a decentralized identity company, suffered a $36 million token theft due to a compromised employee laptop accessed via a phishing email. Blockchain security firm Quantstamp suspects North Korea-linked threat actors.

Font size

A malicious attachment delivered through a phishing email points to the involvement of North Korea-linked threat actors in Humanity Protocol's recent hack, according to blockchain security company Quantstamp.

The decentralized identity company said a compromised employee's laptop enabled attackers to steal $36 million in Humanity (H) tokens on Monday.

The malicious attachment was disguised as a token lockup schedule update from South Korean cryptocurrency exchange Bithumb. It installed malware that gave attackers full remote access to the laptop, Quantstamp said in its incident response.

The phishing email that led to the Humanity Protocol compromise. Source: Quantstamp

Quantstamp added that the malware was signed with a South Korean Hancom digital certificate, a pattern it described as “characteristic of DPRK intrusions.” The malware enabled attackers to copy Humanity Protocol director Chong Yee Wai's MetaMask wallet credentials and private keys.

The suspected North Korean link would add to a series of major crypto thefts attributed to the country. North Korea-linked threat actors were tied to at least $578 million of the $634 million stolen in crypto-related incidents in April.

North Korean hackers tied to some of the largest crypto hacks

According to a May report by blockchain security company CertiK, the same actors have been linked to about $2 billion of the $3.4 billion lost to crypto exploits in 2025, while accounting for 12% of total incidents. CertiK said the figures reflect a focus on “precision and scale.”

Over the past decade, North Korea-linked actors stole an estimated $6.75 billion in cryptocurrency across 263 documented incidents, the report said.

Related: CZ sounds alarm as ‘SEAL’ team uncovers 60 fake IT workers linked to North Korea

CertiK added that North Korea has “industrialized” crypto theft into a core state revenue mechanism, making these operations a substantial share of the regime’s external income.

Total DPRK crypto theft over the years. Source: CertiK/Skynet

North Korea rarely responds to cybercrime allegations, but on May 3, a Foreign Ministry spokesperson rejected them in a statement carried by the Korean Central News Agency, the country's state media.

The spokesperson accused the US of spreading “incorrect” narratives about the “non-existent ‘cyber threat’” from North Korea.

Open Questions

  • How will Humanity Protocol recover stolen assets?
  • What specific measures will be taken against DPRK actors?
  • Will Bithumb face repercussions for the compromised certificate?

Related Topics

This article was originally published by Cointelegraph.

Related Stories

More on this topicHumanity Protocol