Humanity Protocol: Phishing Attack Stole Director Keys, Forcing Abandonment of BNB Chain Deployment

Humanity Protocol said a targeted phishing campaign against one of its directors led to the theft of private keys tied to the June 8 $H token exploit, permanently compromising the project’s BNB Chain deployment. In an incident update published June 12, the team cited findings from an independent review by Quantstamp. Investigators concluded the attacker used stolen administrative credentials to perform contract upgrades, move tokens on Ethereum, and mint fresh $H on BNB Smart Chain. The attacker then sold the tokens on Uniswap and PancakeSwap over roughly eight hours, draining liquidity and triggering a steep drop in $H’s market price. The team said the breach began with a phishing email that impersonated crypto exchange Bithumb. The targeted director had reportedly been in contact with Bithumb prior to receiving what appeared to be a legitimate update containing a malicious attachment. Once opened, the file installed remote-access malware that granted full remote desktop control without tripping endpoint security tools. With that access, the attacker allegedly copied wallet data and private keys stored on the device before initiating the on-chain actions. Quantstamp noted the malware tooling and certificate-signing patterns observed were "characteristic of DPRK-linked intrusions," but said the evidence did not support a definitive attribution. Humanity Protocol said the attacker used the stolen director keys to upgrade a contract on Ethereum and move about 141.18 million $H tokens. On BNB Chain, the attacker reportedly took control of a ProxyAdmin contract, enabling direct minting of additional $H. Those newly minted tokens were sold into liquidity pools across Ethereum and BSC, amplifying losses for holders and liquidity providers. The team emphasized the incident was not caused by a flaw in the smart contracts themselves, describing it instead as an administrative compromise enabled by social engineering. The attack also split the project’s deployments across chains. Humanity Protocol said the Ethereum token contract was successfully frozen using a separate clean multisig wallet the attacker never accessed, and that the canonical Humanity Mainnet bridge remains unaffected. The BNB Chain deployment, though, is now considered irreparably compromised because the attacker retains administrative control and can continue minting new tokens. "This must be abandoned," the team wrote. The incident adds to industry concerns over governance key management, operational security, and phishing-driven takeover risks.