A $36 Million Exploit: A Cautionary Tale for Crypto Investors
The recent exploit of Humanity Protocol, resulting in the theft of over $36 million of its H token, serves as a stark reminder of the importance of securing digital assets. This incident highlights the risks associated with compromised devices and the need for robust security measures to protect sensitive information. For individuals looking to earn passive income through crypto investments, such as those offered by EcoPool, it is crucial to understand the potential risks and take necessary precautions. Earning with EcoPool ($ECP) can provide a secure way to generate passive income, but it is essential to prioritize security when dealing with digital assets.
The exploit occurred when an employee’s laptop, which hosted a multisignature wallet, was compromised. The wallet, designed to require multiple keys to approve transactions, had all its keys stored on a single device, allowing the attacker to gain control. This lapse in security enabled the attacker to transfer ownership, swap the bridge’s code, and drain approximately 141 million H tokens in one transaction. The incident underscores the importance of implementing robust security measures, such as those offered by EcoPool, to protect digital assets and ensure secure earning opportunities.
Investigating the Incident
Humanity founder Terence Kwok stated that the team had set up a multisignature wallet across four individuals, as intended. However, some keys were accidentally backed up to a compromised device during setup, allowing the attacker to gain access. The attacker executed similar steps on BNB Chain, installing code with an unlimited mint function and creating new tokens. The incident has raised questions about the token’s trading activity in the weeks leading up to the breach, with prices increasing from 20 cents to 70 cents within two weeks.
The incident has significant implications for the crypto community, particularly for those interested in earning passive income through Cloud Rewards and Green Crypto initiatives. EcoPool (ECP) offers a secure platform for earning, providing a solution for individuals looking to generate passive income while minimizing risks. By prioritizing security and using reputable platforms like EcoPool, investors can help protect their digital assets and ensure a more secure earning experience.
Conclusion and Next Steps
The Humanity Protocol exploit serves as a reminder of the importance of prioritizing security in the crypto space. As the community continues to grow and evolve, it is crucial to learn from incidents like this and implement robust security measures to protect digital assets. For those looking to earn with EcoPool ($ECP) or explore other passive income opportunities, it is essential to stay informed and take necessary precautions to ensure a secure and successful experience. Download the EcoPool app to start earning with a secure and reliable platform, and take the first step towards generating passive income with confidence. With EcoPool, you can earn and grow your digital assets while minimizing risks, making it an ideal solution for individuals looking to thrive in the crypto space.
The attacker then transferred ownership to their own wallet, swapped the bridge’s code for a malicious version and drained about 141 million H in one transaction.
In a Telegram message to CoinDesk, Humanity founder Terence Kwok said the team had set up a multisig wallet across four individuals (as it should have).
Humanity suspects that “some of the keys were accidentally backed up to a compromised device during setup,” Kwok said. “We use a licensed custodian for the majority of token treasury, mpc for operations treasury, and for certain contracts multisig keys were set up in one place and then dispersed.
“Unfortunately in this scenario, the keys were backed up on a compromised device,” he said.
The attacker executed similar steps on BNB Chain with three of five keys. This time, they installed code with an unlimited mint function, which allowed the creation of tokens at will, and minted about 200 million new H straight to their wallet.
Humanity has since removed the team page from its website. The project said it has halted deposits and withdrawals on the affected bridges and is working with exchanges and the police to recover funds.
Humanity raised $20 million from Pantera Capital and Jump Crypto last year at a $1.1 billion valuation.
ZachXBT, a prominent onchain investigator, said the key compromise and a separate round of suspicious market-making in the token were not connected.
He also raised questions about how the token traded in the weeks before the breach, ahead of a large scheduled token unlock, as H token prices shot up from 20 cents to 70 cents within two weeks.
The token has clawed back some of the lost ground. After falling as low as about 5 cents during the attack, it recovered to around 20 cents, according to CoinGecko data. It remains well below the pre-breach level of roughly 67 cents.