Investigation Summary

2026-06-11 Humanity

https://www.humanity.org/hincidentupdate


A phishing email impersonating Bithumb led Humanity Protocol director Chong Yee Wai to download a malicious attachment from an attacker-controlled host, after which a Hancom-signed loader and remote-access tooling gave the attacker control of his Windows machine. Quantstamp assessed the loader-signing pattern as characteristic of DPRK intrusions, and the attacker copied MetaMask and private-key material from the host. On 8 June 2026, the stolen keys were used to alter Ethereum/BSC contract control, mint and move roughly 241 million $H, drain about 150 operational wallets, and sell tokens on Uniswap and PancakeSwap, causing an approximately 89% market-price drop. Known attacker-controlled proceeds exceeded USD 21 million in ETH, with BNB-side tracing still in progress.

Indicators of Compromise

Type Value First Seen Last Seen
WALLET 0xd73cd1117646625ffe23a55860035… 2026-06-11 2026-06-11
WALLET 0xd1ea823d421e0c829ee11f772af48… 2026-06-11 2026-06-11
WALLET 0xe943dbD064Ec283bDc95c39FaEE61… 2026-06-11 2026-06-11
URL https://go.skimresources.com/?i… 2026-06-11 2026-06-11
URL https://go.skimresources.com/?i… 2026-06-11 2026-06-11
DOMAIN celuweb.com 2026-06-11 2026-06-11
WALLET 0x6Aa22CB8420E94Fc2119364b4c788… 2026-06-09 2026-06-09
