Humanity Protocol, a decentralized identity project that uses palm scans to try to prove that users are human, has suffered a $36 million loss after attackers compromised a laptop belonging to an employee. After the laptop was infected with malware, the malicious code gained root access, then stole seven private keys that were reportedly accidentally stored in a backup. Several of the keys were sufficient to satisfy multisignature requirements, which are intended to prevent private key leaks from allowing attackers to gain control over sensitive infrastructure like bridges. With multisignature wallets, keys are supposed to be stored separately across multiple individuals and devices; however, in this case, attackers only needed to compromise one laptop to gain control over multisig-protected contracts.With the keys, the attacker stole more than 6 million of Humanity's H token, then used other keys to upgrade a bridge and drain 141 million more tokens. With the bridge access, they also…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.