North Korean Hackers Suspected in $36M Humanity Protocol Breach

Cybersecurity experts have linked the recent $36 million theft from Humanity Protocol to North Korean threat actors, following a sophisticated phishing campaign that exploited fake communications from major crypto exchange Bithumb.

According to blockchain security firm Quantstamp, the attackers employed a fraudulent Bithumb email as part of their intrusion strategy. This methodology aligns with known tactics used by state-sponsored hacking groups from the Democratic People’s Republic of Korea, which have become increasingly aggressive in targeting cryptocurrency projects to circumvent international sanctions.

Humanity Protocol, a blockchain-based identity verification platform, confirmed the security breach earlier this week but had not initially disclosed the scale of losses. The $36 million figure represents a significant blow to the project, which has positioned itself as a Web3 infrastructure provider focused on proof-of-humanity solutions.

North Korean hacking collectives, particularly the Lazarus Group and its affiliated units, have systematically targeted the cryptocurrency sector for years. These operations have netted billions of dollars, with funds reportedly funneled into the regime’s weapons programs and economic survival amid crushing sanctions.

The incident underscores persistent vulnerabilities in the crypto ecosystem, where even projects implementing advanced identity verification technologies can fall victim to social engineering attacks. Security researchers emphasize that no amount of blockchain sophistication can fully protect against human-targeted phishing campaigns that exploit trust in established brands like Bithumb.

Quantstamp has not revealed specific technical details about how the breach occurred, but investigators are working with affected parties to trace the stolen funds. Historical recovery rates for North Korean-linked crypto thefts remain extremely low, as these actors typically employ sophisticated laundering techniques through mixers and multiple blockchain bridges.

Based on reporting by the original source.