PANews reported on December 24 that SlowMist founder Yu Xian tweeted that a project had a serious security vulnerability in the testnet environment. Humanity Protocol stores the user's plaintext private key directly in the browser's sessionStorage . This problem occurs when logging in through Web2 (such as email login), the platform will automatically assign a wallet to the user, and the plaintext private key is directly exposed. He said that fortunately this is just a testnet and there is no actual harm.