Humanity says compromised laptop led to $36M bridge attack
Humanity Protocol’s Terence Kwok said some multisig keys may have been accidentally backed up to a compromised device during setup.
Humanity Protocol said an employee’s laptop compromise allowed attackers to seize bridge controls, upgrade contracts and steal over $36 million in H tokens.
In an incident update on Tuesday, the protocol said the Monday attack affected the H token across Ethereum and BNB Chain. The team said three of six Gnosis Safe owner keys were compromised, allowing attackers to take control of bridge administration on both networks.
Once they had control, the attackers changed the bridge contracts into different malicious versions, Humanity said. On Ethereum, they drained around 141.2 million tokens. On BSC, they added a function that let them create unlimited tokens, then minted 200 million tokens directly to their own wallet.
Read more
