News linked to both this project and an event.
Humanity released an incident update stating that its H token was subject to a coordinated attack on Ethereum and BSC on the evening of June 8, resulting in approximately $36 million worth of tokens stolen and dumped across both chains. The project disclosed that the attack originated from a compromised employee laptop, which led to the leakage of multiple owner keys for the Gnosis Safe controlling the Hyperlane bridge ProxyAdmin. On Ethereum, the attacker seized ownership of the ProxyAdmin and upgraded the contract to a malicious implementation, transferring approximately 141.2 million H tokens in a single transaction. On BSC, after similarly gaining control of the ProxyAdmin, the attacker deployed a malicious implementation with infinite minting capabilities, minting 200 million H tokens in two transactions and continuously dumping them. Humanity has suspended deposits and withdrawals on the affected cross-chain bridge and is cooperating with exchanges and law enforcement to investigate the incident and seek partial recovery of the stolen funds.
Humility Protocol released a security incident update on the X platform, stating that its H token suffered a coordinated attack on the Ethereum and BSC chains yesterday, with confirmed losses exceeding $36 million in stolen and dumped assets.Preliminary investigations indicate the incident originated from a compromised employee computer, which led to the leakage of private keys for the multi-signature wallet controlling the Hyperlane Bridge ProxyAdmin. Specifically, the attacker obtained 3 out of 6 private keys of the Gnosis Safe wallet on the Ethereum chain, transferred ownership of the ProxyAdmin to a wallet under their control, upgraded the bridge contract to a malicious implementation, and subsequently transferred approximately 141.2 million H tokens in a single transaction.Simultaneously, the attacker also gained control of 3 out of 5 private keys of the Safe wallet on the BSC chain, took over the ProxyAdmin using the same method, deployed a malicious contract with unlimited minting functionality, and minted 200 million H tokens in two separate transactions to their own wallet.Humility stated that it has suspended all deposit and withdrawal operations on the affected bridge services and is collaborating with partners such as exchanges to mitigate losses. Meanwhile, it is cooperating with the police investigation and attempting to recover part of the stolen funds.