Humanity Protocol says attacker stole seven keys from one device

cryptonews06-10 19:33

Humanity Protocol has identified a malware-infected developer machine as the source of the security breach that led to the theft and unauthorized minting of roughly 447 million H tokens across ...

Source Link

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Comments

We need your insight to fill this gap

Leave a comment

{"i18n":{"language":"en_US"},"isChannel":false,"data":{"share":"https://ttm.financial/m/news/2642236214?lang=en_US&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2026-06-10 19:33","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2642236214","market":"sh","top_or_hot":-1,"title":"Humanity Protocol says attacker stole seven keys from one device","media":"cryptonews","content":"<div>\n<p>Humanity Protocol has identified a malware-infected developer machine as the source of the security breach that led to the theft and unauthorized minting of roughly 447 million H tokens across ...</p>\n\n<a href=\"https://crypto.news/humanity-protocol-says-attacker-stole-seven-keys-from-one-device/\">Source Link</a>\n\n</div>\n","source":"crypto_news_highlight","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>Humanity Protocol says attacker stole seven keys from one device</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nHumanity Protocol says attacker stole seven keys from one device\n</h2>\n\n<h4 class=\"meta\">\n\n\n2026-06-10 19:33 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://crypto.news/humanity-protocol-says-attacker-stole-seven-keys-from-one-device/><strong>cryptonews</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>Humanity Protocol has identified a malware-infected developer machine as the source of the security breach that led to the theft and unauthorized minting of roughly 447 million H tokens across ...</p>\n\n<a href=\"https://crypto.news/humanity-protocol-says-attacker-stole-seven-keys-from-one-device/\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BCCC","symbol_name":"Global X Bitcoin Covered Call ETF","start_time":0,"source_url":"https://crypto.news/humanity-protocol-says-attacker-stole-seven-keys-from-one-device/","article_id":"2642236214","we_media_id":null,"thumbnails":[],"rights":{"source":"crypto_news_highlight","url":"https://crypto.news/humanity-protocol-says-attacker-stole-seven-keys-from-one-device/","rn_cache_url":null,"directOrigin":true},"url":"https://stock-news.laohu8.com/highlight/detail?id=2642236214","pubTimestamp":1781091194,"columns":[],"sourceInfo":{"source_id":"crypto_news_highlight","name":"Crypto News"},"weMediaInfo":null,"summary":"Humanity Protocol has identified a malware-infected developer machine as the source of the security breach that led to the theft and unauthorized minting of roughly 447 million H tokens across Ethereum and BNB Smart Chain.Humanity Protocol said a malware-infected developer machine exposed seven private keys used in the June attack that affected Ethereum and BNB Smart Chain.Stolen credentials allowed the attacker to drain 141.2 million H from the Ethereum bridge and mint 300 million H on BNB Smart Chain.The project said the incident stemmed from compromised private keys rather than a flaw in its smart contracts or bridge infrastructure.According to Humanity Protocol’s incident report, an attacker gained root access to a developer device and obtained seven private keys that had been inadvertently backed up during the project’s June 2025 mainnet launch.Attacker used stolen keys to seize bridge controls. While the Ethereum bridge assets were drained, the report described the BSC token as u","collect":0,"end_time":0,"defaultTopTitle":"crypto.news","property":[],"viewcount":null,"language":"en","relate_stocks":{"BCCC":"Global X Bitcoin Covered Call ETF","BKCH":"AdvisorShares Sabretooth ETF","ETCO":"Grayscale Ethereum Covered Call ETF","ETQ":"T-Rex 2X Inverse Ether Daily Target ETF","BITW":"Bitwise 10 Crypto Index ETF","ETHT":"ProShares Ultra Ether ETF","ARKY":"ARK 21SHARES ACTIVE BITCOIN ETHEREUM STRATEGY ETF","SBIT":"2倍做空比特币期货ETF-Proshares","ETU":"T-Rex 2X Long Ether Daily Target ETF","QETH":"以太坊ETF-Invesco Galaxy","ETHU":"2倍以太币期货ETF-Volatility Shares","CBOJ":"Calamos Bitcoin Structured Alt Protection ETF - January","LFGY":"YieldMax Crypto Industry and Tech Portfolio Option Income ETF","03179":"嘉实以太币","ETHV":"以太坊ETF-VanEck","CRPT":"First Trust SkyBridge Crypto Industry and Digital Economy ETF","YETH":"Roundhill Ether Covered Call Strategy ETF","CBTJ":"Calamos Bitcoin 80 Series Structured Alt Protection ETF - January","BETE":"等权重比特币&以太币期货ETF-ProShares","09179":"嘉实以太币-U","ETHW":"以太坊ETF-Bitwise","AETH":"以太坊策略ETF-Bitwise","ETH":"低成本以太坊ETF-Grayscale","BETH":"比特币&以太币期货ETF-ProShares","03046":"华夏以太币","EETH":"以太币期货ETF-ProShares","BTF":"比特币&以太币期货ETF-CoinShares","BEGS":"RAREVIEW 2X BULL CRYPTOCURRENCY & PRECIOUS METALS ETF","BITI":"1倍做空比特币期货ETF-Proshares","ETHA":"以太坊ETF-iShares","09046":"华夏以太币-U","CETH":"以太坊ETF-21Shares","BTFX":"比特币期货ETF-CoinShares","FETH":"以太币ETF-Fidelity","03009":"博时以太币","ETHD":"ProShares UltraShort Ether ETF","CBOY":"Calamos Bitcoin Structured Alt Protection ETF - July","BTCO":"比特币ETF-Invesco Galaxy","GDLC":"Grayscale CoinDesk Crypto 5 ETF","BITQ":"Bitwise Crypto Industry Innovators ETF","09009":"博时以太币-U","STCE":"Schwab Crypto Thematic ETF","ETHE":"最大以太坊ETF-Grayscale","EZET":"以太坊ETF-Franklin","ETHI":"Defiance Leveraged Long Income Ethereum ETF","MNRS":"GRAYSCALE BITCOIN MINERS ETF","SETH":"1倍做空以太币期货ETF-Proshares"},"translate_title":"Humanity Protocol称攻击者从一台设备中窃取了七个密钥","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"CBOJ":0.6,"03179":0.73,"CBOY":0.6,"METHmain":0.73,"CBTJ":0.6,"STCE":0.73,"BITI":0.6,"EETH":0.73,"ETQ":0.6,"BITW":0.73,"MNRS":0.6,"ETHV":0.73,"03046":0.73,"09179":0.73,"BTCO":0.6,"CETH":0.73,"AETH":0.73,"BETE":0.73,"ETHD":0.73,"BTFX":0.6,"GDLC":0.73,"YETH":0.73,"ETCO":0.6,"ETHA":0.73,"ETHU":0.73,"LFGY":0.73,"03009":0.73,"ETU":0.73,"BTF":0.73,"FETH":0.73,"EZET":0.73,"09046":0.73,"ETHW":0.73,"ARKY":0.73,"BEGS":0.73,"ETHI":0.6,"CRPT":0.73,"BKCH":0.73,"ETH":0.73,"BCCC":0.6,"BETH":0.73,"BITQ":0.73,"ETHT":0.73,"SETH":0.6,"QETH":0.73,"09009":0.73,"SBIT":0.6,"ETHE":0.73},"content_text":"Humanity Protocol has identified a malware-infected developer machine as the source of the security breach that led to the theft and unauthorized minting of roughly 447 million H tokens across Ethereum and BNB Smart Chain.\n\n\nSummary\n\n\n\nHumanity Protocol said a malware-infected developer machine exposed seven private keys used in the June attack that affected Ethereum and BNB Smart Chain.\nStolen credentials allowed the attacker to drain 141.2 million H from the Ethereum bridge and mint 300 million H on BNB Smart Chain.\nThe project said the incident stemmed from compromised private keys rather than a flaw in its smart contracts or bridge infrastructure.\n\n\n\nAccording to Humanity Protocol’s incident report, an attacker gained root access to a developer device and obtained seven private keys that had been inadvertently backed up during the project’s June 2025 mainnet launch. \nThe keys included the admin hot wallet key, three Ethereum Safe owner keys, and three BSC Safe owner keys, giving the attacker access to critical infrastructure from a single compromised machine.\nThe findings add new details to an attack that previously caused H to plunge sharply before staging a partial recovery. On June 10, the token traded near $0.163, up 23.7% over 24 hours, although it remained down 74.1% over the previous week following the exploit.\nHumanity Protocol said the incident was not caused by a flaw in its bridge contracts, token contracts, or Safe architecture. Instead, the attacker used valid private keys to authorize transfers, Safe transactions, and contract upgrades after obtaining control of the credentials.\nAttacker used stolen keys to seize bridge controls\nBased on the report, the attack unfolded across three separate actions between June 8 and June 9.\nDuring the first wave, 6.04 million H were drained from an Ethereum admin hot wallet after its private key was compromised. From there, the attacker moved against the protocol’s bridge infrastructure.\nUsing three stolen keys from a six-member Ethereum Safe, the attacker transferred ownership of the Bridge ProxyAdmin to an attacker-controlled wallet. After obtaining administrative control, the attacker upgraded the bridge to a malicious implementation and drained 141.18 million H in a single transaction.\nHumanity Protocol said the transaction carried the signatures needed to meet the Safe’s threshold requirements, allowing the upgrade to appear as an authorized action rather than a smart contract exploit.\nOn BNB Smart Chain, a separate set of three compromised Safe keys gave the attacker control of the token’s ProxyAdmin. After deploying a malicious implementation, the attacker executed three mint transactions of 100 million H each, increasing the token’s supply from about 141.1 million to 441.1 million H.\nInvestigation points to single point of compromise\nWhile the Ethereum bridge assets were drained, the report described the BSC token as unrecoverable because the attacker still controls the ProxyAdmin and can continue minting additional tokens. Humanity Protocol said the attacker retains ownership of both the bridge and token administration contracts affected in the incident.\nEarlier disclosures from the project focused on compromised employee devices and stolen Safe keys. The latest forensic findings narrowed the cause to one malware-infected developer machine that stored multiple sensitive backups. According to the report, investigators believe all seven private keys were obtained from that single device.\nSeveral questions remain unanswered. Humanity Protocol said it has not yet determined when the attacker first gained access, how the machine was compromised, or how long the stolen credentials were held before the attack was carried out.\nIn response to the incident, the project halted deposits and withdrawals through the affected bridges, launched a public recovery tracker, and offered a $1 million USDT bounty for information that leads to asset recovery. Humanity Protocol previously said any recovered funds would be used to buy back H tokens.\n\nWhile we work on a recovery plan for everyone affected, we want you to see exactly what we see.We’ve set up a live tracker of the exploiter’s addresses and downstream transfers so our community can follow the situation in real time: https://t.co/FlOp4TUPfm— Humanity (@Humanityprot) June 9, 2026\n\n\n\n\n\n\n                Read more:\n            \n\n                Bitcoin price falls below $61K as inflation risks mount before CPI","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"isVideo":false,"video":null,"symbols":[],"gpt_button":0,"need_auth":false,"need_login_tip":false,"code":"91000000","status":"200"},"commentList":[],"isCommentEnd":true,"newsSizeData":{"likeSize":0,"commentSize":0,"repostSize":0,"favoriteSize":0,"likeStatus":false,"favoriteStatus":false},"APP":{"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","isDev":false,"isTTM":true,"tenantId":"TBGLOBAL","deviceId":"web-server-community-laohu8-v3","version":"4.43.1","shortVersion":"4.43.1","platform":"web","vendor":"web","appName":"ttm","isIOS":false,"isAndroid":false,"isTiger":false,"isTHS":false,"isWeiXin":false,"isWeiXinMini":false,"isWeiBo":false,"isQQ":false,"isBaiduSwan":false,"isBaiduBox":false,"isDingTalk":false,"isToutiao":false,"isOnePlus":false,"isHuaWei":false,"isXiaomi":false,"isXiaomiWebView":false,"isOppo":false,"isVivo":false,"isSamsung":false,"isMobile":false},"href":"/m/news/2642236214","isCrawlerRequest":true}