NK-Linked Hackers Steal $36M Via Phishing Email

A sophisticated phishing attack has compromised Humanity Protocol, resulting in a $36 million theft of its H tokens, with blockchain security firm Quantstamp pointing to North Korean-linked actors. The breach occurred Monday after an employee opened a malicious attachment disguised as an update from South Korean exchange Bithumb. This attachment installed malware that granted the attackers complete remote access to the device.

Consequently, the attackers copied director Chong Yee Wai’s MetaMask wallet credentials and private keys. Quantstamp noted the malware was signed with a South Korean Hancom digital certificate, a pattern it described as “characteristic of DPRK intrusions.” This suspected link adds to a series of major crypto thefts attributed to the country.

Meanwhile, North Korea-linked threat actors were responsible for at least $578 million of the $634 million stolen in crypto-related incidents this past April. According to a May report by CertiK, the same actors have been linked to about $2 billion of the $3.4 billion lost to crypto exploits in 2025. Over the past decade, North Korea-linked actors stole an estimated $6.75 billion in cryptocurrency across 263 documented incidents, the report said.

However, North Korea has formally denied these allegations. On May 3, a Foreign Ministry spokesperson Ripple-asia-express/” rel=”nofollow noopener” target=”_blank”>rejected them in a statement carried by state media. The spokesperson accused the U.S. of spreading incorrect narratives about a non-existent cyber threat.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Kraken Named FIFA World Cup’s Official Crypto Exchange
• U.S. Blocks Anthropic’s Top AI Models Over Security Fears
• Critical Splunk Vulnerability Allows Unauthenticated RCE
• AI Agent Bills Operator $6.5k After Wild AWS Spree
• Bitcoin ETF Inflows Spark Hope After 2026 Price Lows