It is every crypto company’s worst nightmare. Decentralized identity platform Humanity Protocol recently lost a staggering $36 million in Humanity (H) tokens in a devastating cyberattack. Now, an incident response report from blockchain security firm Quantstamp has shed light on exactly what went wrong, and the digital footprints point directly toward suspected North Korean threat actors.
How a Fake Bithumb Email Led to the Exploit
How does a sophisticated tech company lose millions overnight? In this case, it all started with a single, highly deceptive email. According to Quantstamp, the attackers sent a targeted phishing email to a company employee. The message carried a malicious attachment that was cleverly disguised as a routine token lockup schedule update from the popular South Korean crypto exchange, Bithumb.
Once the employee opened the seemingly harmless file, the trap was sprung. The attachment silently installed malware that granted the hackers full remote access to the compromised laptop. What makes this attack distinctly characteristic of North Korean, or DPRK, intrusions is the use of a South Korean Hancom digital certificate used to sign the malware. With complete system access established, the cybercriminals easily copied the MetaMask wallet credentials and private keys belonging to Humanity Protocol director Chong Yee Wai, allowing them to drain the funds without breaking a sweat.
The Bigger Picture: North Korea’s Billion-Dollar Crypto Theft Machine
This $36 million heist is not an isolated incident; it is part of a massive, highly organized trend. North Korean hackers have practically industrialized cryptocurrency theft, turning it into a major revenue stream to fund the state. To put things into perspective, blockchain security company CertiK reported that in April alone, North Korea-linked actors were responsible for at least $578 million out of the $634 million stolen in crypto-related exploits.
The numbers for the broader year are even more alarming. These state-sponsored threat actors have been linked to roughly $2 billion of the $3.4 billion lost to crypto hacks in 2025. Despite making up only twelve percent of the total hacking incidents, their strategic focus on precision and scale ensures maximum financial damage every time they strike. Over the last decade, North Korean operatives have walked away with an estimated $6.75 billion across 263 documented attacks. While the regime’s Foreign Ministry recently dismissed these allegations as a fabricated narrative spread by the United States, the on-chain data tells a very different, and incredibly expensive, story.
