humility

Humility Protocol released a security incident update on the X platform, indicating that yesterday the H token suffered a coordinated attack on the Ethereum and BSC chains, with over $36 million in assets confirmed to have been stolen and sold off.Preliminary investigations show that the incident originated from an employee's computer being compromised, leading to the leakage of the multi-signature wallet keys controlling the Hyperlane Bridge ProxyAdmin. Among them, the attacker obtained 3 out of 6 private keys from Gnosis Safe holders on the Ethereum chain, transferred ownership of ProxyAdmin to their controlled wallet, and upgraded the bridging contract to a malicious implementation, subsequently transferring approximately 141.2 million H tokens in a single transaction.Meanwhile, the attacker also controlled 3 out of 5 private keys from Safe wallet holders on the BSC chain, taking over ProxyAdmin in the same manner and deploying a malicious contract with unlimited minting capabilities, minting 200 million H tokens to their wallet in two transactions.Humility stated that it has suspended all deposit and withdrawal operations for the affected bridging services and is collaborating with exchanges and other relevant partners to mitigate losses, while also cooperating with law enforcement to investigate and attempt to recover some of the stolen funds.