Cryptocurrencies are still grappling with the market-wide drawdown of the past week. Investor sentiment at an all-time low has amplified their bearish trajectory.
Just as the market was already moving past the shocking news about Zcash’s (ZEC) longtime vulnerability, a massive attack on Humanity Protocol (H) rattled it again. The irony here is that the protocol fell to a Sybil attack, a vulnerability it was specifically designed to prevent.
The event dragged the price of the Humanity Protocol token from a $0.7209 intraday high to a $0.07471 low, wiping out nearly 90% of its value before it recovered to $0.18 at the time of this report.
On Tuesday, Humanity Protocol confirmed that it suffered coordinated attacks across Ethereum (ETH) and the Binance Smart Chain (BSC). The incident resulted in the loss of over $36 million in assets.
The foundation blamed the attack on a breach of one of its employees’ laptops. The breach led to the compromise of the safe owner keys controlling the bridge ProxyAdmin, which is used to execute protocol upgrades and manage cross-chain transfers.
By gaining control of the multisig keys, the attacker successfully modified the bridge’s logic, allowing the transfer of the ProxyAdmin ownership to the perpetrator’s wallet. Next, the culprit upgraded the bridge’s smart contract to siphon more than 141.2 million H in the initial sweep and mint over 200 million H in two tranches.
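The on-chain sequence described above (ProxyAdmin ownership change, bridge upgrade, sweep, mint) is visible in contract event logs. The following is an added monitoring example, not code from Humanity Protocol or from the original report; the addresses, allowlists, limit and sample events are constructed assumptions, and the event names are the standard Ownable, ERC-1967 and ERC-20 ones.

```python
ZERO = "0x" + "0" * 40
# Constructed placeholder addresses and policy values (assumptions, not the real contracts).
PROXY_ADMIN, BRIDGE, TOKEN = "0xAD01", "0xB21D", "0x70CE"
APPROVED_OWNERS = {"0x5AFE"}   # the governance multisig
APPROVED_IMPLS = {"0x1A01"}    # reviewed bridge implementations
LIMIT = 1_000_000              # assumed ceiling for a single mint or bridge outflow

def classify(ev):
    """Return an alert string for one decoded event log, or None if it is expected."""
    src, name, a = ev["address"], ev["event"], ev["args"]
    if src == PROXY_ADMIN and name == "OwnershipTransferred":
        if a["newOwner"] not in APPROVED_OWNERS:
            return f"ProxyAdmin ownership moved to unapproved {a['newOwner']}"
    elif src == BRIDGE and name == "Upgraded":
        if a["implementation"] not in APPROVED_IMPLS:
            return f"bridge upgraded to unreviewed implementation {a['implementation']}"
    elif src == TOKEN and name == "Transfer" and a["value"] > LIMIT:
        if a["from"] == ZERO:
            return f"mint of {a['value']} exceeds limit"
        if a["from"] == BRIDGE:
            return f"bridge outflow of {a['value']} exceeds limit"
    return None

def scan(events):
    """Return (block, alert) pairs for every event that violates policy."""
    return [(ev["block"], msg) for ev in events if (msg := classify(ev))]

# Constructed sample log: one routine upgrade, then the pattern from the report.
SAMPLE = [
    {"block": 100, "address": BRIDGE, "event": "Upgraded",
     "args": {"implementation": "0x1A01"}},
    {"block": 200, "address": PROXY_ADMIN, "event": "OwnershipTransferred",
     "args": {"previousOwner": "0x5AFE", "newOwner": "0xBAD1"}},
    {"block": 201, "address": BRIDGE, "event": "Upgraded",
     "args": {"implementation": "0xBAD2"}},
    {"block": 202, "address": TOKEN, "event": "Transfer",
     "args": {"from": BRIDGE, "to": "0xBAD1", "value": 141_200_000}},
    {"block": 203, "address": TOKEN, "event": "Transfer",
     "args": {"from": ZERO, "to": "0xBAD1", "value": 100_000_000}},
    {"block": 204, "address": TOKEN, "event": "Transfer",
     "args": {"from": ZERO, "to": "0xBAD1", "value": 100_000_000}},
]

if __name__ == "__main__":
    for block, msg in scan(SAMPLE):
        print(f"block {block}: ALERT {msg}")
```

The ownership-change alert fires first, before any funds move, which is the point at which pausing the bridge is still useful.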
The protocol immediately halted deposits and withdrawals to the affected bridges and has coordinated with exchanges to contain the issue and mitigate its effects. It also launched an internal investigation and has contacted law enforcement authorities to seek their help in recovering some of the stolen funds.
“People in this community worked hard for what they hold here, and we feel the weight of that,” said Humanity. “We want to apologize for what has happened and thank you for your patience, messages, and for sticking with us.”
According to the pseudonymous “banteg,” a prominent figure within the decentralized finance (DeFi) community, the attacker sent a message to Chris Blec, a staunch critic who recently exposed Humanity Protocol’s extreme centralization.
The perpetrator thanked the DeFi activist for revealing the over-centralization in Humanity Protocol, which made the attack easier because the culprit no longer needed to social engineer several developers. The laziness in securing the network meant the attacker only needed to obtain the multisig keys from a single developer’s MetaMask wallet.
“I was stressing out about needing to social engineer four different devs across three different time zones. Then you drop a revelation that it’s actually just one guy with six signer keys in his MetaMask,” said Humanity’s attacker. “Thank you, king.”
The post Humanity Protocol Crashes Nearly 90% Intraday After $36M Attack appeared first on Blockzeit.


