Overview
- The H token of Humanity Protocol experienced a crash exceeding 80% after a security breach led to the theft of over $36 million due to compromised keys linked to an employee's laptop.
- Attackers exploited the situation by draining 141.2 million H tokens and minting an additional 200 million H through malicious contract upgrades, resulting in the suspension of bridge operations.
- This incident adds to a troubling trend in 2026, where DeFi protocols have already lost hundreds of millions due to various hacks.
The native token of Humanity Protocol, known as H, fell more than 80% on Tuesday after hackers gained access to private keys associated with the project, took control of the bridge admin functions, and made off with over $36 million from both Ethereum and BNB Chain.
According to a detailed update from the project, the attack, which occurred on Monday, was coordinated across Ethereum and BSC and stemmed from a breach involving an employee's compromised laptop.
INCIDENT UPDATE:
On June 8, the H token faced a synchronized attack on Ethereum and BSC. We are still investigating, but we wish to keep our community informed about the situation.
Currently, more than $36 million has been stolen across both chains…
— Humanity (@Humanityprot) June 9, 2026
This breach is part of a troubling pattern for DeFi security in 2026, with more than $885 million lost to hacks in the first half of the year, as reported by DeFiLlama data.
The attackers compromised three out of six Gnosis Safe keys on Ethereum and three out of five on BSC, gaining ProxyAdmin control, draining approximately 141.2 million H tokens, and minting an additional 200,000,005 H through malicious contract alterations, according to the project’s statement.
The H token plummeted from a peak of $0.73132 on Monday to a low of $0.079606 on Tuesday morning, representing a staggering 89% decline. Currently, H is trading around $0.20, reflecting a 73% drop for the day, effectively erasing much of the gains that had brought it close to its all-time high of $0.80 just a week prior.
Terence Kwok, the founder, acknowledged the breach and advised users to refrain from engaging with the project’s infrastructure until further notice.
We are aware of a security incident involving the compromise of private keys belonging to a Humanity Foundation member. For your safety, avoid interacting with the bridge or any liquidity pools until we confirm it’s secure.
We are collaborating with security experts…
— Terence Kwok 「 🖐️ ✦ 🌏 」 (@terencekwok) June 9, 2026
Humanity Protocol is a zero-knowledge Layer-2 blockchain that emphasizes decentralized identity verification, founded by Kwok and utilizing a "Proof of Humanity" system that validates users through palm scans instead of iris or facial recognition.
This incident marks another challenge for Kwok, whose previous venture, hospitality-tech startup Tink Labs, raised around $160 million and was one of Hong Kong's first unicorns before closing in 2019 due to financial difficulties.
The Humanity Protocol team has suspended deposits and withdrawals on the affected bridges and is working with exchanges and law enforcement to retrieve the stolen funds.
"The community members have invested significant effort into their holdings, and we feel the responsibility of that," the project stated, vowing to provide a comprehensive post-mortem analysis.
A Case of "Operational Security Failure"
Meir Dolev, co-founder and CTO at the blockchain security firm Cyvers, described the incident to Decrypt as "an operational security failure, not a smart-contract vulnerability," indicating that the attacker gained access through a private key associated with a member of the Humanity Foundation.
Following the contract upgrade, Dolev noted that the assailant exploited the mint function to create 100 million new H tokens, valued at approximately $12.9 million, and then exchanged the stolen and newly minted tokens for ETH and BNB, consolidating them across multiple wallets.
Dolev emphasized that draining about $30 million "necessitated owner/admin-level control to increase token supply via the proxy contract upgrade and directly access protocol-controlled wallets."
He stated, "The fundamental issue is structural: one key is entrusted with both the funds and the ability to amend the rules."
Kwok's warning to avoid the bridge and liquidity pools suggests that access "may not be completely contained," according to Dolev.
The attacker still possesses substantial H tokens but faces challenges in fully cashing out due to insufficient pool liquidity to accommodate the swaps, which makes the public alert "partly a strategy to prevent that liquidity from being affected."
Humanity Protocol is scheduled to unlock 266.5 million H tokens, approximately 9.4% of the released supply, valued at about $33 million at pre-crash prices, on June 25 across six allocations, as per Tokenomist data.
On-chain investigator ZachXBT initially suggested that the event might be "staged," implying it could serve as a convenient exit for the active market maker. However, he later retracted this statement, tweeting that, "Upon further examination of the laundering, it appears the questionable MM / OTC and the private key compromise are unrelated."
Dolev cautioned that the current on-chain evidence is inconclusive, as the attacker retains legitimate admin rights. He noted that where the funds ultimately end up in the coming days, and whether the compromised key was previously inactive, will be critical factors in determining the outcome.