Humanity (H) has released a new statement regarding today’s security breach, announcing that the attack did not stem from a smart contract vulnerability.
The project team stated that there were no security vulnerabilities in the bridge infrastructure, token contract, and Safe system, and explained that all transactions carried out by the attacker were done with valid private key authorization.
According to the statement, the attack resulted from the compromise of the private key due to the signing key used in the production environment being backed up on a general-purpose development device without adequate security measures. Humanity acknowledged that this was both a human error and a lack of operational security.
The project team announced they are conducting a comprehensive investigation to determine how the attackers gained access to the devices and the timeline of the incident. They stated that they are working with external security experts and that digital forensics are being conducted on the compromised devices. Humanity said they will share further updates with the community as the investigation progresses.
On the other hand, the team announced that it is working on a fund recovery or compensation plan for users affected by the attack.
*This is not investment advice.
