Humanity Protocol — a biometric blockchain identity project and one of crypto’s top-performing tokens of 2026 — suffered a dramatic security collapse on June 9 that wiped out roughly $32 million and sent the H token tumbling about 90% in hours. On-chain investigators flagged activity across more than 17 wallets, and within hours the prominent analyst ZachXBT publicly questioned whether the breach was a genuine external hack or a staged exit by insiders, deepening distrust around the project.
What happened
- The exploit unfolded in two distinct phases. In the first, attackers minted 100 million H tokens, drained associated wallets, and converted roughly $23.7 million into ETH across multiple addresses, leaving about $7.9 million in H tokens on-chain, according to Arkham Intelligence’s flagged data.
- In the second phase the attacker pivoted to BNB Chain: Blockaid’s on-chain monitoring shows the H token’s proxy admin contract was taken over and another 100 million H tokens — worth about $12.9 million — were minted to a fresh wallet.
Humanity Protocol’s response
The team confirmed the incident in an official X post, saying private keys belonging to a Humanity Foundation member had been compromised. They warned users not to interact with the bridge or any liquidity pools until further notice and said official updates would come only from the project’s main account or co-founder Terence Kwok’s personal account.
Why the community is suspicious
The immediate technical facts might have fitted a conventional private-key compromise, but the narrative shifted after ZachXBT’s rapid-fire analysis on X:
- He flagged odd patterns inconsistent with a standard external attacker — notably that the token supply appeared concentrated and the H tokens were sold on decentralized exchanges rather than routed through centralized venues for liquidity, suggesting coordination with an “active market maker.”
- He called the incident “possibly staged,” arguing it would be a convenient way for an active market maker to exit.
- He also criticized the project’s promotional history and urged disclosure of any market-making agreements tied to the Hong Kong entity behind the project.
ZachXBT later softened some claims after further on-chain review suggested the private key compromise and market-maker issues might be unrelated. Still, the public questioning by one of crypto’s most-followed on-chain investigators had already inflicted reputational damage.
Context that raises red flags
- H had been an extreme outperformer in 2026, climbing roughly 875% above its low before the crash (BanklessTimes). That extreme momentum, followed by an abrupt 90% wipeout, raises obvious alarm bells.
- A scheduled token unlock on June 25 — two weeks after the incident — makes the timing suspiciously convenient for an exit ahead of large vesting events.
- Reports indicate three of the project’s four co-founders have histories that include lawsuits, allegations of financial misconduct, and managerial controversies.
- Internally cited figures suggested only about 1 million of the project’s roughly 9 million registered identities had completed the biometric verification that underpins Humanity’s core value proposition.
What’s next
On-chain evidence is still being gathered and analyzed. Whether the event ultimately proves to be a third-party compromise or a coordinated insider exit remains unresolved. What is certain: roughly $32 million was drained, the H token’s market value has cratered, and a community that bought into Humanity Protocol’s identity story is left with hard questions and a shaken trust.
Image credits: cover from Grok; ETHUSD chart from TradingView.
Read more AI-generated news on: undefined/news
