$36M Humanity Protocol Exploit Enters New Phase as Funds Hit KuCoin

TLDR:

• The Humanity Protocol exploiter converted part of the stolen assets into USDC before exchange deposits.
• Blockchain data shows funds moved through multiple wallets, exchanges, and stablecoin conversions.
• Investigators linked the $36 million breach to malware delivered through a phishing email attack.
• The attacker gained admin access, moved 141 million H tokens, and minted additional assets.

The perpetrator of the Humanity Protocol exploit has started transferring some of the funds in the victim’s wallet around the crypto industry. The blockchain data indicates that some assets were converted to stablecoins before being sent to KuCoin. 

The transactions come weeks after a major security breach that compromised administrative controls and led to significant token losses. Recent on-chain activity provides new insight into how the attacker is handling the stolen assets.

Humanity Protocol Exploiter Moves Crypto Through USDC and KuCoin

Lookonchain’s blockchain analytics service said wallets used by the Humanity Protocol exploiter recently switched a portion of the funds they had stolen into USDC. These money was then moved to KuCoin via public blockchain records.

The tracking data shows that the attacker had distributed assets in multiple wallets before transferring such. There were several ETH transactions that ranged from 10 ETHs to 50 ETHs in the transfers.

There was also a bigger move of around 500 ETH that has been seen in the wallet transfers.The transfers followed a pattern commonly observed after major crypto exploits.

Lookonchain noted that the exploiter conducted several token swaps before sending funds to the exchange. The transactions included conversions into USDC and USDT.

The movement of funds extended beyond direct wallet transfers. On-chain records showed activity involving decentralized exchanges such as Uniswap and PancakeSwap.

Those platforms allowed the attacker to exchange assets while retaining control of the funds. Routing transactions through multiple addresses also made blockchain tracking more complex.

The latest transactions indicate that at least part of the stolen crypto has entered a more liquid form. Stablecoin conversions often play a key role in post-exploit fund movements.

Humanity Protocol Breach Traced to Phishing Attack

The Humanity Protocol exploit occurred on June 8. Reports indicate that a project director received a phishing email disguised as a message from a major South Korean crypto exchange.

The email contained a malicious attachment that installed malware on the recipient’s device. The software enabled the attacker to gain remote access and obtain sensitive credentials.

According to information surrounding the incident, the attacker extracted private keys and wallet data. That access opened a path to critical administrative accounts connected to Humanity Protocol.

After gaining control, the attacker upgraded smart contracts on Ethereum and moved approximately 141 million H tokens. The compromise also extended to a ProxyAdmin contract on BNB Smart Chain.

Control of that contract enabled unauthorized minting of additional H tokens. The newly created and stolen tokens were later sold through decentralized exchanges.

The selling activity increased pressure on the token market following the breach. Humanity Protocol subsequently froze its Ethereum contract and secured remaining assets through an unaffected multisignature wallet.

Recovery efforts remain focused on affected users and ecosystem participants. The BNB Smart Chain deployment continues to face challenges linked to the exploit.